From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: SChokhani@cygnacom.com, tmiller@mitre.org
Cc: cfrg@irtf.org, ietf-pkix@imc.org, ietf-smime@imc.org, saag@ietf.org
Subject: RE: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate
Date: Fri, 02 Jan 2009 00:11:01 +1300

"Santosh Chokhani" writes:

>We are simply not vigilant enough. This issue has been on our plate since
>2004.

It's not just this, the fact that there were CA certs out there with the CA
flag (in basicConstraints) not set was known for at least five years before
widespread bad publicity forced CAs to address it, the RSA exponent=1 debacle
was known for at least that long but no-one cared until there was lots of bad
publicity about it... there's a really serious problem with CAs and vendors
simply not caring about PKI security until bad publicity forces a change, the
current MD5 issue (and the mozilla.com cert debacle and the Gromozon
malware-signing cert issue and ...) are just the latest examples. It's like
the Microsoft of ten years ago, security holes just get ignored until bad
publicity forces a fix (and even then it's often more of a sidestep to avoid
further criticism than an actual fix).

It's small wonder that there's such widespread cynicism about PKI when even
the organisations pushing it don't seem to care whether it's done properly or
not.

Peter.

From: "Santosh Chokhani"
To: "Peter Gutmann"
Subject: RE: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate
Date: Thu, 1 Jan 2009 06:39:50 -0500

Also, for the actual attack, the ordering of extensions will not work as
long as the certificate size does not change.

If you look at the actual attack, collision block in the real
certificate is up to the SPKI. The extension values from the real
certificate are simply copied in the tumor of the rogue certificate.

Given the property that if H(M) = H (M') then H(M | X) = H (M' | X), the
attacker simply copies the extensions from actual certificate in the
tumor.

-----Original Message-----
From: saag-bounces@ietf.org [mailto:saag-bounces@ietf.org] On Behalf Of Peter Gutmann
Sent: Thursday, January 01, 2009 6:18 AM
To: ietf-pkix@imc.org; mike-list@pobox.com
Cc: ietf-smime@imc.org; cfrg@irtf.org; saag@ietf.org
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate

Mike writes:

>> We are simply not vigilant enough. This issue has been on our plate
>> since 2004.
>>
>> SHA-1 is next and neither the client side vendors nor the big
>> Enterprises have pushed to move to SHA-256.
>
>There is a simple fix -- a CA can just reorder the extensions prior to
>issuing a certificate.

That's actually a nice fix, but unfortunately not universally applicable: for
some types of signed data (e.g. S/MIME attributes) the DER rules require
sorting the encoded extensions, so there's only one valid order for them (and
some applications actually check for this, so you have to do it or sig checks
will start failing).

Peter.

From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: ietf-pkix@imc.org, mike-list@pobox.com
Cc: cfrg@irtf.org, ietf-smime@imc.org, saag@ietf.org
Subject: Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate
Date: Fri, 02 Jan 2009 00:17:49 +1300

Mike writes:

>> We are simply not vigilant enough. This issue has been on our plate
>> since 2004.
>>
>> SHA-1 is next and neither the client side vendors nor the big
>> Enterprises have pushed to move to SHA-256.
>
>There is a simple fix -- a CA can just reorder the extensions prior to
>issuing a certificate.

That's actually a nice fix, but unfortunately not universally applicable: for
some types of signed data (e.g. S/MIME attributes) the DER rules require
sorting the encoded extensions, so there's only one valid order for them (and
some applications actually check for this, so you have to do it or sig checks
will start failing).

Peter.

From: "Santosh Chokhani"
To: "Ben Laurie", "Peter Gutmann"
Subject: RE: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate
Date: Thu, 1 Jan 2009 10:14:49 -0500

Changing the order of extensions does not change their meaning.

Actually, a CA could put the extensions in random order for various
certificates.

The attack will still work if the certificate size does not change.

-----Original Message-----
From: cfrg-bounces@irtf.org [mailto:cfrg-bounces@irtf.org] On Behalf Of Ben Laurie
Sent: Thursday, January 01, 2009 10:06 AM
To: Peter Gutmann
Cc: ietf-pkix@imc.org; mike-list@pobox.com; cfrg@irtf.org; saag@ietf.org; ietf-smime@imc.org
Subject: Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate

On Thu, Jan 1, 2009 at 11:17 AM, Peter Gutmann wrote:
>
> Mike writes:
> >There is a simple fix -- a CA can just reorder the extensions prior to
> >issuing a certificate.
>
> That's actually a nice fix, but unfortunately not universally applicable: for
> some types of signed data (e.g. S/MIME attributes) the DER rules require
> sorting the encoded extensions, so there's only one valid order for them (and
> some applications actually check for this, so you have to do it or sig checks
> will start failing).

Surely the whole point of DER is that there's only one correct way to
encode any particular certificate?

So, either extensions must be sorted, or changing their order changes
their meaning. Either way, nothing can be reordered.

From: Mike
To: ietf-pkix@imc.org
CC: cfrg@irtf.org, saag@ietf.org, ietf-smime@imc.org
Subject: Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate
Date: Thu, 01 Jan 2009 07:51:38 -0800
Message-ID: <495CE68A.5040709@pobox.com>

Is there anything that could be added to RP software to reliably
detect and thwart the use of a rogue CA certificate? Or would
any attempt to do that just cause too many problems?

Mike (who is writing "I am not a security expert" 100 times on
the chalkboard)

<495BA5E9.8040305@pobox.com> <1b587cab0901010706j6e8cd2f8pf23345660a4825a5@mail.gmail.com> Date: Thu, 1 Jan 2009 09:20:00 -0800 To: Ben Laurie , Peter Gutmann From: Paul Hoffman Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate Cc: ietf-pkix@imc.org, mike-list@pobox.com, cfrg@irtf.org, saag@ietf.org, ietf-smime@imc.org Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: At 3:06 PM +0000 1/1/09, Ben Laurie wrote: >Surely the whole point of DER is that there's only one correct way to >encode any particular certificate? Not so "surely". The SEQUENCE for extensions does not say what order they should be in. >So, either extensions must be sorted, or changing their order changes >their meaning. Either way, nothing can be reordered. Wrong on both counts. Each extension has stand-alone semantics, and they can be in any order. However, this is irrelevant for the MD5 break discussion, as is clearly shown in the paper. 
--Paul Hoffman, Director --VPN Consortium From owner-ietf-smime@mail.imc.org Thu Jan 1 10:00:57 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 98C233A67F5 for ; Thu, 1 Jan 2009 10:00:57 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.405 X-Spam-Level: X-Spam-Status: No, score=-2.405 tagged_above=-999 required=5 tests=[AWL=0.194, BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m3WVDfgJzYkY for ; Thu, 1 Jan 2009 10:00:57 -0800 (PST) Received: from balder-227.proper.com (properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id 8680F3A65A5 for ; Thu, 1 Jan 2009 10:00:56 -0800 (PST) Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n01GowVU082693 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 1 Jan 2009 09:50:58 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n01GovJl082691; Thu, 1 Jan 2009 09:50:57 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from romeo.rtfm.com (romeo.rtfm.com [74.95.2.173]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n01GolS6082663 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 1 Jan 2009 09:50:57 -0700 (MST) (envelope-from ekr@networkresonance.com) Received: from romeo.rtfm.com (localhost.rtfm.com [127.0.0.1]) by romeo.rtfm.com (Postfix) with ESMTP id 5783750822; Thu, 1 Jan 2009 09:07:06 -0800 (PST) Date: Thu, 01 Jan 2009 09:07:05 -0800 From: 
Eric Rescorla To: Mike Cc: ietf-pkix@imc.org, cfrg@irtf.org, saag@ietf.org, ietf-smime@imc.org Subject: Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate In-Reply-To: <495CE68A.5040709@pobox.com> References: <495BA5E9.8040305@pobox.com> <1b587cab0901010706j6e8cd2f8pf23345660a4825a5@mail.gmail.com> <495CE68A.5040709@pobox.com> User-Agent: Wanderlust/2.14.0 (Africa) Emacs/21.3 Mule/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII Message-Id: <20090101170706.5783750822@romeo.rtfm.com> Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: At Thu, 01 Jan 2009 07:51:38 -0800, Mike wrote: > > > Is there anything that could be added to RP software to reliably > detect and thwart the use of a rogue CA certificate? Or would > any attempt to do that just cause too many problems? > > Mike (who is writing "I am not a security expert" 100 times on > the chalkboard) You could certainly add a check for this particular certificate and any others you discovered. To the extent to which CAs no longer use MD5, this would likely quickly clean up the damage. It's less clear that you could safely detect this kind of cert in a generic way. 
-Ekr From owner-ietf-smime@mail.imc.org Thu Jan 1 10:53:20 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BD1253A6972 for ; Thu, 1 Jan 2009 10:53:20 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LVJDUm6Vknd5 for ; Thu, 1 Jan 2009 10:53:20 -0800 (PST) Received: from balder-227.proper.com (properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id AD04D3A6801 for ; Thu, 1 Jan 2009 10:53:19 -0800 (PST) Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n01Higb7086887 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 1 Jan 2009 10:44:42 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n01Hig7k086882; Thu, 1 Jan 2009 10:44:42 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from mail.links.org (mail.links.org [217.155.92.109]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n01HiTqF086851 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 1 Jan 2009 10:44:41 -0700 (MST) (envelope-from ben@links.org) Received: from [193.133.15.218] (localhost [127.0.0.1]) by mail.links.org (Postfix) with ESMTP id 5BA8133C1E; Thu, 1 Jan 2009 17:46:01 +0000 (GMT) Message-ID: <495D0100.6000200@links.org> Date: Thu, 01 Jan 2009 17:44:32 +0000 From: Ben Laurie 
To: Paul Hoffman
CC: Ben Laurie, Peter Gutmann, ietf-pkix@imc.org, mike-list@pobox.com, cfrg@irtf.org, saag@ietf.org, ietf-smime@imc.org
Subject: Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate

Paul Hoffman wrote:
> At 3:06 PM +0000 1/1/09, Ben Laurie wrote:
>> Surely the whole point of DER is that there's only one correct way to
>> encode any particular certificate?
>
> Not so "surely". The SEQUENCE for extensions does not say what order they should be in.

That doesn't change the _point_ of DER. If extensions should have been
specified as a SET but are defined as a SEQUENCE, then they are broken
(technically).

>> So, either extensions must be sorted, or changing their order changes
>> their meaning. Either way, nothing can be reordered.
>
> Wrong on both counts. Each extension has stand-alone semantics, and they can be in any order.

My point was about the correct use of DER. It seems extensions use it
incorrectly.

> However, this is irrelevant for the MD5 break discussion, as is clearly shown in the paper.

I am discussing the correct use of DER :-)

--
http://www.apache-ssl.org/ben.html http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit."
- Robert Woodruff

Subject: RE: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate
Date: Thu, 1 Jan 2009 14:29:46 -0500
From: "Santosh Chokhani"
To: "Ben Laurie", "Paul Hoffman"

We must fix X.509 since it is not broken. We must preserve MD5 since it
is weak. We must provide economic and political support to client side
vendors who refuse to implement SHA-256. We must treat them with kid
gloves and work around them. The world economy is in the tank. People
want to shoot each other. I see a patent here that is not very random.

-----Original Message-----
From: saag-bounces@ietf.org [mailto:saag-bounces@ietf.org] On Behalf Of Ben Laurie
Sent: Thursday, January 01, 2009 12:45 PM
To: Paul Hoffman
Cc: cfrg@irtf.org; ietf-smime@imc.org; saag@ietf.org; ietf-pkix@imc.org; mike-list@pobox.com
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate

Paul Hoffman wrote:
> At 3:06 PM +0000 1/1/09, Ben Laurie wrote:
>> Surely the whole point of DER is that there's only one correct way to
>> encode any particular certificate?
>
> Not so "surely". The SEQUENCE for extensions does not say what order they should be in.

That doesn't change the _point_ of DER.
If extensions should have been specified as a SET but are defined as a
SEQUENCE, then they are broken (technically).

>> So, either extensions must be sorted, or changing their order changes
>> their meaning. Either way, nothing can be reordered.
>
> Wrong on both counts. Each extension has stand-alone semantics, and they can be in any order.

My point was about the correct use of DER. It seems extensions use it
incorrectly.

> However, this is irrelevant for the MD5 break discussion, as is clearly shown in the paper.

I am discussing the correct use of DER :-)

--
http://www.apache-ssl.org/ben.html http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

_______________________________________________
saag mailing list
saag@ietf.org
https://www.ietf.org/mailman/listinfo/saag

Message-ID: <495D1C0A.2080105@links.org>
Date: Thu, 01 Jan 2009 19:39:54 +0000
From: Ben Laurie
To: Santosh Chokhani
CC: Paul Hoffman, cfrg@irtf.org, ietf-smime@imc.org, saag@ietf.org, ietf-pkix@imc.org, mike-list@pobox.com
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate

Santosh Chokhani wrote:
> We must fix X.509 since it is not broken.

I am not suggesting that we should fix X.509, I am pointing out, in my
own roundabout way, that X.509 certs are supposed to have a canonical
form. But it seems they do not.

Makes me wonder why we go to all the effort of using a supposedly
canonical encoding that isn't? If we can only rely on the original bits
in the cert when checking the signature, why bother?

--
http://www.apache-ssl.org/ben.html http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

Subject: RE: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate
Date: Thu, 1 Jan 2009 14:48:40 -0500
From: "Santosh Chokhani"
To: "Ben Laurie"
Cc: "Paul Hoffman"

I do not think canonical means only one way to represent.

Extensions have always been a SEQUENCE with their OID denoting what
extension is next and their syntax.

Actually, we find SET in the case of RDN problematic.

-----Original Message-----
From: Ben Laurie [mailto:ben@links.org]
Sent: Thursday, January 01, 2009 2:40 PM
To: Santosh Chokhani
Cc: Paul Hoffman; cfrg@irtf.org; ietf-smime@imc.org; saag@ietf.org; ietf-pkix@imc.org; mike-list@pobox.com
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate

Santosh Chokhani wrote:
> We must fix X.509 since it is not broken.

I am not suggesting that we should fix X.509, I am pointing out, in my
own roundabout way, that X.509 certs are supposed to have a canonical
form. But it seems they do not.

Makes me wonder why we go to all the effort of using a supposedly
canonical encoding that isn't?
If we can only rely on the original bits in the cert when checking the
signature, why bother?

--
http://www.apache-ssl.org/ben.html http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

From: "Peter Hesse"
To: "'Mike'"
Subject: RE: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate
Date: Fri, 2 Jan 2009 09:41:15 -0500
Message-ID: <0c6f01c96ce8$2c13d700$843b8500$@com>

> Is there anything that could be added to RP software to reliably
> detect and thwart the use of a rogue CA certificate? Or would
> any attempt to do that just cause too many problems?

Since MD5 is known bad and potentially dangerous at this point, I would
suggest that the best client side action would be to fail to verify any
signatures created using MD5. This will break some things, especially if
existing business processes are relying on a certificate signed with MD5.
However, it is a fail-safe and would prevent a rogue CA certificate created
in this fashion from being considered trustworthy.

And to Santosh's point (and others), my earlier email about
removing/replacing trust anchors was not because the self-signed
certificates are signed using MD5; I agree the trust anchor public keys are
protected using other mechanisms. I am recommending that if CAs do nothing
to prevent this kind of attack (non-random serial numbers, issue
certificates signed with MD5, issue certificates in an automated,
predictable fashion) that those CAs should be removed from trust lists
because they are no longer acting in the interest of the relying party--they
are an accomplice to the creation of these rogue certificates.

--Peter

----------------------------------------------------------------
Peter Hesse pmhesse@geminisecurity.com
http://securitymusings.com http://geminisecurity.com

Date: Fri, 2 Jan 2009 10:35:34 -0500
From: Robert Moskowitz
To: Peter Hesse
cc: "'Mike'", ietf-pkix@imc.org, cfrg@irtf.org, saag@ietf.org, ietf-smime@imc.org
Message-ID: <495E3446.4070606@htt-consult.com>
Subject: Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate

Peter Hesse wrote:
>> Is there anything that could be added to RP software to reliably
>> detect and thwart the use of a rogue CA certificate? Or would
>> any attempt to do that just cause too many problems?
>>
>
> Since MD5 is known bad and potentially dangerous at this point, I would
> suggest that the best client side action would be to fail to verify any
> signatures created using MD5. This will break some things, especially if
> existing business processes are relying on a certificate signed with MD5.
> However, it is a fail-safe and would prevent a rogue CA certificate created
> in this fashion from being considered trustworthy.
>
> And to Santosh's point (and others), my earlier email about
> removing/replacing trust anchors was not because the self-signed
> certificates are signed using MD5; I agree the trust anchor public keys are
> protected using other mechanisms. I am recommending that if CAs do nothing
> to prevent this kind of attack (non-random serial numbers, issue
> certificates signed with MD5, issue certificates in an automated,
> predictable fashion) that those CAs should be removed from trust lists
> because they are no longer acting in the interest of the relying party--they
> are an accomplice to the creation of these rogue certificates.

Peter,

This sounds great at an IETF mike, but out in the field how do you get
all those millions of browsers to pull down a new trust list that will
no longer include CA foobar?

Can't happen now, and the way things are going, ain't going to happen
before 2026 either.

So what tool do we have to get compliance to best practices? The good
old 5th estate, get out there and give bad press to foobar until they
fix their behaviour or their business model collapses and they go out of
business and can no longer issue potentially rogue certs.

We can talk and posture all we want in the IETF. We are rather good at
that, IMNSHO. But this is perfect proof of our impact as such on the
business model of companies that use our technology; they will do what
is expedient, not what is Best Practices.

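The client-side check Peter Hesse proposes in the thread above (refuse any certificate signature made with MD5, without judging the trust anchor by its own self-signature), as an added example that is not code from any poster or project. The certificates are constructed skeletons and every function name is hypothetical.

```python
# Added example: certificates below are constructed skeletons, names are hypothetical.
MD5_WITH_RSA = bytes.fromhex("2a864886f70d010104")     # OID 1.2.840.113549.1.1.4
SHA256_WITH_RSA = bytes.fromhex("2a864886f70d01010b")  # OID 1.2.840.113549.1.1.11
REJECTED_SIG_ALGS = {MD5_WITH_RSA: "md5WithRSAEncryption"}


class DerError(ValueError):
    """The input is not the DER structure a certificate should have."""


def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the TLV that starts at pos."""
    if pos + 2 > len(buf):
        raise DerError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise DerError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if length < 0x80 or buf[pos] == 0:
            raise DerError("length is not in minimal DER form")
        pos += n
    if pos + length > len(buf):
        raise DerError("value runs past end of input")
    return tag, pos, pos + length


def algorithm_oid(buf, pos):
    """Return (OID content octets, end offset) of the AlgorithmIdentifier at pos."""
    tag, start, end = read_tlv(buf, pos)
    if tag != 0x30:
        raise DerError("AlgorithmIdentifier is not a SEQUENCE")
    oid_tag, oid_start, oid_end = read_tlv(buf, start)
    if oid_tag != 0x06 or oid_end > end:
        raise DerError("AlgorithmIdentifier has no OID")
    return bytes(buf[oid_start:oid_end]), end


def signature_algorithms(cert):
    """Return (tbsCertificate.signature, Certificate.signatureAlgorithm)."""
    tag, start, end = read_tlv(cert, 0)
    if tag != 0x30 or end != len(cert):
        raise DerError("not exactly one DER SEQUENCE")
    tbs_tag, tbs_start, tbs_end = read_tlv(cert, start)
    if tbs_tag != 0x30:
        raise DerError("tbsCertificate is not a SEQUENCE")
    field_tag, _, field_end = read_tlv(cert, tbs_start)
    if field_tag == 0xA0:  # optional [0] EXPLICIT version
        field_tag, _, field_end = read_tlv(cert, field_end)
    if field_tag != 0x02:
        raise DerError("serialNumber INTEGER not found")
    inner, _ = algorithm_oid(cert, field_end)
    outer, _ = algorithm_oid(cert, tbs_end)
    return inner, outer


def check_certificate(cert):
    """Return (accepted, reason) for the issuer's signature on one certificate."""
    try:
        inner, outer = signature_algorithms(cert)
    except DerError as exc:
        return False, "unparseable: %s" % exc
    if inner != outer:
        return False, "signature algorithm fields disagree"
    if outer in REJECTED_SIG_ALGS:
        return False, "signed with " + REJECTED_SIG_ALGS[outer]
    return True, "ok"


def check_chain(chain):
    """chain is leaf first, trust anchor last; return (accepted, results)."""
    # The anchor's self-signature is skipped: its key is trusted by configuration.
    results = [check_certificate(cert) for cert in chain[:-1]]
    return all(ok for ok, _ in results), results


def tlv(tag, body):
    """Encode one short-form DER TLV (enough for the constructed samples)."""
    assert len(body) < 0x80
    return bytes([tag, len(body)]) + body


def skeleton_cert(outer_oid, tbs_oid=None):
    """Constructed sample: only the fields this check reads are filled in."""
    def alg(oid):
        return tlv(0x30, tlv(0x06, oid) + tlv(0x05, b""))
    head = tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01")  # version v3, serial 1
    tbs = tlv(0x30, head + alg(tbs_oid or outer_oid))
    return tlv(0x30, tbs + alg(outer_oid) + tlv(0x03, b"\x00" + b"\xaa" * 16))


if __name__ == "__main__":
    leaf, md5_ca = skeleton_cert(SHA256_WITH_RSA), skeleton_cert(MD5_WITH_RSA)
    print(check_chain([leaf, md5_ca, md5_ca]))  # MD5-signed intermediate: rejected
    print(check_chain([leaf, leaf, md5_ca]))    # MD5 only on the anchor: accepted
```

The check fails closed: a certificate that cannot be parsed, or whose signed and unsigned algorithm fields differ, is rejected along with the MD5-signed ones.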
From owner-ietf-smime@mail.imc.org Sat Jan 3 23:41:59 2009
Cc: Peter Hesse, ietf-pkix@imc.org, "'Mike'", cfrg@irtf.org, saag@ietf.org, ietf-smime@imc.org
Message-Id: <230CAA22-D118-4F29-9DC8-32FDCD7D771E@checkpoint.com>
From: Yoav Nir
To: Robert Moskowitz
In-Reply-To: <495E3446.4070606@htt-consult.com>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v930.3)
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate
Date: Sun, 4 Jan 2009 09:02:00 +0200
References: <495BA5E9.8040305@pobox.com> <495E3446.4070606@htt-consult.com>
X-Mailer: Apple Mail (2.930.3)
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk

On Jan 2, 2009, at 5:35 PM, Robert Moskowitz wrote:

>> Since MD5 is known bad and potentially dangerous at this point, I would
>> suggest that the best client side action would be to fail to verify any
>> signatures created using MD5. This will break some things, especially if
>> existing business processes are relying on a certificate signed with MD5.
>> However, it is a fail-safe and would prevent a rogue CA certificate created
>> in this fashion from being considered trustworthy.
>>
>> And to Santosh's point (and others), my earlier email about
>> removing/replacing trust anchors was not because the self-signed
>> certificates are signed using MD5; I agree the trust anchor public keys are
>> protected using other mechanisms. I am recommending that if CAs do nothing
>> to prevent this kind of attack (non-random serial numbers, issue
>> certificates signed with MD5, issue certificates in an automated,
>> predictable fashion) that those CAs should be removed from trust lists
>> because they are no longer acting in the interest of the relying party--they
>> are an accomplice to the creation of these rogue certificates.
> Peter,
>
> This sounds great at an IETF mike, but out in the field how do you
> get all those millions of browsers to pull down a new trust list
> that will no longer include CA foobar?
>
> Can't happen now, and the way things are going, ain't going to
> happen before 2026 either.

There's this one company such that if they use Windows update to update their browsers, the others will follow. Technically, it's very easy to get rid of the bad CAs. However, that company is not going to modify their browsers, not now, probably not in the next few years.

> So what tool do we have to get compliance to best practices? The
> good old 5th estate, get out there and give bad press to foobar
> until they fix their behaviour or their business model collapses and
> they go out of business and can no longer issue potentially rogue
> certs.

I don't think you can get a message like that across. This story evokes more of the "Wow! Clever hackers with 200 playstations" sentiment, not the "criminal negligence" sentiment. You can't get the media angry with a company unless the negligence causes something spectacular, like an exploding Ford Pinto. Even Jesse Walker's "unsafe at any keylength" article didn't have quite the impact of the original. And people still use WEP.

> We can talk and posture all we want in the IETF. We are rather good
> at that, IMNSHO. But this is perfect proof of our impact as such on
> the business model of companies that use our technology; they will
> do what is expedient, not what is Best Practices.

Best we can do is to get the CAs to

(1) not issue MD5 certs anymore and
(2) randomize the serial number and/or
(3) and a random fluff extension that people are talking about

But still, I don't see Microsoft removing a root CA because one of their sub-CAs is issuing non-compliant certificates. And if Microsoft don't, nobody else will. The Firefox/Opera/Safari/Chrome people don't want any sites that "only work with Explorer".

Email secured by Check Point

From owner-ietf-smime@mail.imc.org Sun Jan 4 11:21:49 2009
Mime-Version: 1.0
In-Reply-To: <230CAA22-D118-4F29-9DC8-32FDCD7D771E@checkpoint.com>
References: <495BA5E9.8040305@pobox.com> <495E3446.4070606@htt-consult.com> <230CAA22-D118-4F29-9DC8-32FDCD7D771E@checkpoint.com>
Date: Sun, 4 Jan 2009 11:11:09 -0800
To: Yoav Nir
From: Paul Hoffman
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate
Cc: ietf-pkix@imc.org, cfrg@irtf.org, saag@ietf.org, ietf-smime@imc.org
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk

At 9:02 AM +0200 1/4/09, Yoav Nir wrote:
>Best we can do is to get the CAs to
>
>(1) not issue MD5 certs anymore and
>(2) randomize the serial number and/or
>(3) and a random fluff extension that people are talking about

Just to repeat it one more time: #3 does not prevent the published attack.

>But still, I don't see Microsoft removing a root CA because one of their sub-CAs is issuing non-compliant certificates.

It is hard to see Microsoft removing or adding CAs. If anyone knows of a public interface (mailing list, web site, whatever) for when this happens, by all means please let the world know.

>And if Microsoft don't, nobody else will. The Firefox/Opera/Safari/Chrome people don't want any sites that "only work with Explorer".

At least with respect to Firefox, I think that statement is false.

--Paul Hoffman, Director
--VPN Consortium

From owner-ietf-smime@mail.imc.org Sun Jan 4 13:34:15 2009
Cc: ietf-pkix@imc.org, cfrg@irtf.org, saag@ietf.org, ietf-smime@imc.org
From: Yoav Nir
To: Paul Hoffman
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v930.3)
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate
Date: Sun, 4 Jan 2009 22:23:58 +0200
References: <495BA5E9.8040305@pobox.com> <495E3446.4070606@htt-consult.com> <230CAA22-D118-4F29-9DC8-32FDCD7D771E@checkpoint.com>
X-Mailer: Apple Mail (2.930.3)
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk

On Jan 4, 2009, at 9:11 PM, Paul Hoffman wrote:

> At 9:02 AM +0200 1/4/09, Yoav Nir wrote:
>> Best we can do is to get the CAs to
>>
>> (1) not issue MD5 certs anymore and
>> (2) randomize the serial number and/or
>> (3) and a random fluff extension that people are talking about
>
> Just to repeat it one more time: #3 does not prevent the published
> attack.

It does if the random fluff is inserted by the CA. The attack depends on their ability to predict the entire TBS part.

>> But still, I don't see Microsoft removing a root CA because one of
>> their sub-CAs is issuing non-compliant certificates.
>
> It is hard to see Microsoft removing or adding CAs. If anyone knows
> of a public interface (mailing list, web site, whatever) for when
> this happens, by all means please let the world know.

I managed to find a page with their policy on adding new root CAs. Nothing there about removing old root CAs.

>> And if Microsoft don't, nobody else will. The Firefox/Opera/Safari/
>> Chrome people don't want any sites that "only work with Explorer".
>
> At least with respect to Firefox, I think that statement is false.

They've done quite a bit to render broken sites that were made for IE. Also, I've updated today and all the "bad" CAs with MD5 signatures are still in the TAS.

Email secured by Check Point

From owner-ietf-smime@mail.imc.org Sun Jan 4 13:49:04 2009
Return-Path:
X-Original-To: ietfarch-smime-archive@core3.amsl.com
Delivered-To: ietfarch-smime-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 01BCD3A6A8C for ; Sun, 4 Jan 2009 13:49:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.584
X-Spam-Level:
X-Spam-Status: No, score=-2.584 tagged_above=-999 required=5 tests=[AWL=0.015, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SxhZ2ItHt+0N for ; Sun, 4 Jan 2009 13:49:03 -0800 (PST)
Received: from balder-227.proper.com (properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id C1E623A69ED for ; Sun, 4 Jan 2009 13:49:02 -0800 (PST)
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n04KeJ9p050767 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 4 Jan 2009 13:40:19 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n04KeJ7N050766; Sun, 4 Jan 2009 13:40:19 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f
Received: from [10.20.30.158] (dsl-63-249-108-169.cruzio.com [63.249.108.169]) (authenticated bits=0) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n04KeBuF050753 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 4 Jan 2009
13:40:13 -0700 (MST) (envelope-from paul.hoffman@vpnc.org) Mime-Version: 1.0 Message-Id: In-Reply-To: References: <495BA5E9.8040305@pobox.com> <495E3446.4070606@htt-consult.com> <230CAA22-D118-4F29-9DC8-32FDCD7D771E@checkpoint.com> Date: Sun, 4 Jan 2009 12:40:10 -0800 To: Yoav Nir From: Paul Hoffman Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate Cc: ietf-pkix@imc.org, cfrg@irtf.org, saag@ietf.org, ietf-smime@imc.org Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: At 10:23 PM +0200 1/4/09, Yoav Nir wrote: >On Jan 4, 2009, at 9:11 PM, Paul Hoffman wrote: > >>At 9:02 AM +0200 1/4/09, Yoav Nir wrote: >>>Best we can do is to get the CAs to >>> >>>(1) not issue MD5 certs anymore and >>>(2) randomize the serial number and/or >>>(3) and a random fluff extension that people are talking about >> >>Just to repeat it one more time: #3 does not prevent the published attack. > >It does if the random fluff is inserted by the CA. The attack depends on their ability to predict the entire TBS part. I may have misunderstood the paper, but I think that changes after the subjectPublicKeyInfo do not affect the attack. >>>But still, I don't see Microsoft removing a root CA because one of their sub-CAs is issuing non-compliant certificates. >> >>It is hard to see Microsoft removing or adding CAs. If anyone knows of a public interface (mailing list, web site, whatever) for when this happens, by all means please the world know. > >I managed to find a page with their policy on adding new root CAs. Nothing there about removing old root CAs. I'm not talking about the policy: I'm talking about the actual trust anchors themselves. >>>And if Microsoft don't, nobody else will. The Firefox/Opera/Safari/Chrome people don't want any sites that "only work with Explorer". >> >>At least with respect to Firefox, I think that statement is false. 
> >They've done quite a bit to render broken sites that were made for IE. That is irrelevant for this thread. There are active discussions in the Firefox community about adding and removing trust anchors that are and are not already in the IE trust anchor pile. >Also, I've updated today and all the "bad" CAs with MD5 signatures are still in the TAS. As was pointed out to me earlier: it does not matter if the CA has its cert signed with MD5, only whether that CA *signs* with MD5. RapidSSL, for example, is still signed with MD5 but is now signing with SHA-1. --Paul Hoffman, Director --VPN Consortium From emmanuel@bafitis.freeserve.co.uk Sun Jan 4 13:58:24 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 31C4C3A6A8D; Sun, 4 Jan 2009 13:58:24 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -28.922 X-Spam-Level: X-Spam-Status: No, score=-28.922 tagged_above=-999 required=5 tests=[BAYES_95=3, HELO_EQ_PL=1.135, HOST_EQ_PL=1.95, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_XBL=3.033, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_OB_SURBL=10, URIBL_SBL=20, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MNbk3jFRzFDA; Sun, 4 Jan 2009 13:58:23 -0800 (PST) Received: from 61-to3-7.acn.waw.pl (61-to3-7.acn.waw.pl [85.222.78.61]) by core3.amsl.com (Postfix) with SMTP id E43B73A6A7E; Sun, 4 Jan 2009 13:58:15 -0800 (PST) Message-ID: Date: Sun, 04 Jan 2009 16:57:59 -0500 From: "Travis Noble" Subject: Gucci watch models from 2009! 
From owner-ietf-smime@mail.imc.org Sun Jan 4 15:16:22 2009
From: "Weger, B.M.M. de"
To: Paul Hoffman, Yoav Nir
CC: "ietf-pkix@imc.org", "ietf-smime@imc.org", "cfrg@irtf.org", "saag@ietf.org"
Subject: RE: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate
Date: Sun, 4 Jan 2009 23:02:36 +0100
Message-ID: <7DF2365FF07C0E4E89419D65CCC93C9E014149035E31@EXCHANGE11.campus.tue.nl>
References: <495BA5E9.8040305@pobox.com> <495E3446.4070606@htt-consult.com> <230CAA22-D118-4F29-9DC8-32FDCD7D771E@checkpoint.com>

Hi Paul,

> >>Just to repeat it one more time: #3 does not prevent the published attack.
> >
> >It does if the random fluff is inserted by the CA. The attack depends on their ability to predict the entire TBS part.
>
> I may have misunderstood the paper, but I think that changes
> after the subjectPublicKeyInfo do not affect the attack.

Almost correct. A random looking "collision block" has to be inserted somewhere. We chose to insert it in the public key, as that seems the most convenient. Somebody else may find another place where it can be hidden (maybe in a "subject key identifier" field or something, I don't know what would be feasible). Everything after the "collision block" must be copied bitwise into the twin certificate, and must be 'harmless' there. If 'random fluff' is inserted by the CA after the "collision block", this 'random fluff' can be copied into the twin certificate as well, retaining the collision property, and this would indeed be irrelevant to our attack.

> >Also, I've updated today and all the "bad" CAs with MD5 signatures are still in the TAS.
>
> As was pointed out to me earlier: it does not matter if the
> CA has its cert signed with MD5, only whether that CA *signs*
> with MD5. RapidSSL, for example, is still signed with MD5 but
> is now signing with SHA-1.

Correct.

Grtz,
Benne de Weger

From owner-ietf-smime@mail.imc.org Sun Jan 4 15:39:50 2009
From: Jeffrey Hutzelman
To: Yoav Nir, Paul Hoffman
cc: ietf-pkix@imc.org, ietf-smime@imc.org, cfrg@irtf.org, saag@ietf.org, jhutz@cmu.edu
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate
Date: Sun, 04 Jan 2009 17:29:57 -0500
Message-ID: <6C182FC59BEE26512261338E@atlantis.pc.cs.cmu.edu>
In-Reply-To: <200901042024.n04KOTfE014709@raisinbran.srv.cs.cmu.edu>
References: <495BA5E9.8040305@pobox.com> <495E3446.4070606@htt-consult.com> <230CAA22-D118-4F29-9DC8-32FDCD7D771E@checkpoint.com> <200901042024.n04KOTfE014709@raisinbran.srv.cs.cmu.edu>

--On Sunday, January 04, 2009 10:23:58 PM +0200 Yoav Nir wrote:

> On Jan 4, 2009, at 9:11 PM, Paul Hoffman wrote:
>
>> At 9:02 AM +0200 1/4/09, Yoav Nir wrote:
>>> Best we can do is to get the CAs to
>>>
>>> (1) not issue MD5 certs anymore and
>>> (2) randomize the serial number and/or
>>> (3) and a random fluff extension that people are talking about
>>
>> Just to repeat it one more time: #3 does not prevent the published
>> attack.
>
> It does if the random fluff is inserted by the CA. The attack depends on
> their ability to predict the entire TBS part.

No, it does not. It depends on their ability to predict that portion of the TBS part which occurs prior to the computed collision blocks, which in the real certificate occur in the subject public key modulus. The portion of the TBS part which occurs after the collision blocks does not need to be predictable; they just need to be able to copy it as-is, which is done by copying the collision blocks, the rest of the original subject public key modulus, and all of the original certificate's extensions into a netscape comment extension in the forged certificate.

>>> And if Microsoft don't, nobody else will. The Firefox/Opera/Safari/
>>> Chrome people don't want any sites that "only work with Explorer".
>>
>> At least with respect to Firefox, I think that statement is false.
>
> They've done quite a bit to render broken sites that were made for IE.
> Also, I've updated today and all the "bad" CAs with MD5 signatures are
> still in the TAS.

Again, there is nothing "bad" about CA certificates with MD5 signatures. The signature on a root certificate is not used for anything, and in practice is not an accurate predictor of what algorithms that CA uses to sign certificates.

-- Jeffrey T. Hutzelman (N3NHS)
   Carnegie Mellon University - Pittsburgh, PA

From owner-ietf-smime@mail.imc.org Sun Jan 4 15:41:45 2009
From: "Santosh Chokhani"
To: "Paul Hoffman", "Yoav Nir"
Subject: RE: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate
Date: Sun, 4 Jan 2009 17:34:21 -0500
References: <495BA5E9.8040305@pobox.com> <495E3446.4070606@htt-consult.com> <230CAA22-D118-4F29-9DC8-32FDCD7D771E@checkpoint.com>

I agree with Paul. Unless the Length of TBD certificate as part of DER is made unpredictable, any values on extensions just go in the tumor.

-----Original Message-----
From: cfrg-bounces@irtf.org [mailto:cfrg-bounces@irtf.org] On Behalf Of Paul Hoffman
Sent: Sunday, January 04, 2009 3:40 PM
To: Yoav Nir
Cc: ietf-pkix@imc.org; ietf-smime@imc.org; cfrg@irtf.org; saag@ietf.org
Subject: Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate

At 10:23 PM +0200 1/4/09, Yoav Nir wrote:
>On Jan 4, 2009, at 9:11 PM, Paul Hoffman wrote:
>
>>At 9:02 AM +0200 1/4/09, Yoav Nir wrote:
>>>Best we can do is to get the CAs to
>>>
>>>(1) not issue MD5 certs anymore and
>>>(2) randomize the serial number and/or
>>>(3) and a random fluff extension that people are talking about
>>
>>Just to repeat it one more time: #3 does not prevent the published attack.
>
>It does if the random fluff is inserted by the CA. The attack depends on their ability to predict the entire TBS part.

I may have misunderstood the paper, but I think that changes after the subjectPublicKeyInfo do not affect the attack.

>>>But still, I don't see Microsoft removing a root CA because one of their sub-CAs is issuing non-compliant certificates.
>>
>>It is hard to see Microsoft removing or adding CAs. If anyone knows of a public interface (mailing list, web site, whatever) for when this happens, by all means please let the world know.
>
>I managed to find a page with their policy on adding new root CAs. Nothing there about removing old root CAs.

I'm not talking about the policy: I'm talking about the actual trust anchors themselves.

>>>And if Microsoft don't, nobody else will. The Firefox/Opera/Safari/Chrome people don't want any sites that "only work with Explorer".
>>
>>At least with respect to Firefox, I think that statement is false.
>
>They've done quite a bit to render broken sites that were made for IE.

That is irrelevant for this thread. There are active discussions in the Firefox community about adding and removing trust anchors that are and are not already in the IE trust anchor pile.

>Also, I've updated today and all the "bad" CAs with MD5 signatures are still in the TAS.

As was pointed out to me earlier: it does not matter if the CA has its cert signed with MD5, only whether that CA *signs* with MD5. RapidSSL, for example, is still signed with MD5 but is now signing with SHA-1.

--Paul Hoffman, Director
--VPN Consortium
_______________________________________________
Cfrg mailing list
Cfrg@irtf.org
https://www.irtf.org/mailman/listinfo/cfrg
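The point made in the replies above by de Weger, Hutzelman and Chokhani, as an added example that is not part of the thread or of the researchers' code: a toy 32-bit Merkle-Damgard hash shows why CA-inserted data after the collision block leaves a collision intact, while an unpredicted serial number before it does not. The truncated SHA-256 compression function (standing in for MD5's), the field strings and all function names are assumptions made for illustration.

```python
import hashlib
import itertools
import os
import struct

BLOCK = 8          # toy block size in bytes
STATE_BYTES = 4    # 32-bit chaining value: small enough to collide by brute force
IV = bytes(STATE_BYTES)
PREFIX_LEN = 40    # every prefix is padded to the same block-aligned length


def compress(state: bytes, block: bytes) -> bytes:
    """Toy compression function (truncated SHA-256); an assumption, not MD5."""
    return hashlib.sha256(state + block).digest()[:STATE_BYTES]


def absorb(state: bytes, data: bytes) -> bytes:
    """Run block-aligned data through the chaining value."""
    assert len(data) % BLOCK == 0
    for i in range(0, len(data), BLOCK):
        state = compress(state, data[i:i + BLOCK])
    return state


def toy_hash(msg: bytes) -> bytes:
    """Merkle-Damgard construction with length strengthening, as in MD5."""
    padded = msg + b"\x80"
    padded += bytes(-(len(padded) + 4) % BLOCK)
    padded += struct.pack(">I", len(msg))
    return absorb(IV, padded)


def find_collision_blocks(state_a: bytes, state_b: bytes, table_size: int = 1 << 17):
    """Birthday search: blocks x, y with compress(state_a, x) == compress(state_b, y)."""
    seen = {}
    for i in range(table_size):
        blk = struct.pack(">Q", i)
        seen[compress(state_a, blk)] = blk
    for j in itertools.count():
        blk = struct.pack(">Q", j)
        hit = seen.get(compress(state_b, blk))
        if hit is not None:
            return hit, blk


def prefix(serial: str, subject: str) -> bytes:
    """Constructed stand-in for the TBS fields that precede the collision block."""
    return f"serial={serial};subject={subject};".encode().ljust(PREFIX_LEN, b"\x00")


def run_demo() -> dict:
    predicted = prefix("0001", "site.example")  # prefix the collision was computed for
    twin = prefix("0042", "twin.example")       # the second, different prefix
    blk_a, blk_b = find_collision_blocks(absorb(IV, predicted), absorb(IV, twin))

    # Mitigation (3) in the thread: unpredictable data AFTER the collision block.
    # The same bytes can be copied into the twin, so the chaining values stay equal.
    suffix = b"rest-of-key;ext=" + os.urandom(16)
    issued = predicted + blk_a + suffix
    copied = twin + blk_b + suffix
    trailing = toy_hash(issued) == toy_hash(copied)

    # Mitigation (2) in the thread: an unpredicted serial BEFORE the collision block.
    # The chaining value entering blk_a changes, so the precomputed blocks no longer match.
    issued_random_serial = prefix("7f3a", "site.example") + blk_a + suffix
    leading = toy_hash(issued_random_serial) == toy_hash(copied)

    return {"collision_survives_trailing_fluff": trailing,
            "collision_survives_random_serial": leading}


if __name__ == "__main__":
    print(run_demo())
```
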
From owner-ietf-smime@mail.imc.org Mon Jan 5 00:54:03 2009
From: Yoav Nir
To: "Weger, B.M.M. de"
Cc: Paul Hoffman, "ietf-pkix@imc.org", "ietf-smime@imc.org", "cfrg@irtf.org", "saag@ietf.org"
Subject: Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate
Date: Mon, 5 Jan 2009 09:37:11 +0200
Message-Id: <61150136-EAAD-4609-8AAC-22D57372359F@checkpoint.com>
In-Reply-To: <7DF2365FF07C0E4E89419D65CCC93C9E014149035E31@EXCHANGE11.campus.tue.nl>

OK. Now I'm a lot confused :-)

On Jan 5, 2009, at 12:02 AM, Weger, B.M.M. de wrote:

> Hi Paul,
>
>>>> Just to repeat it one more time: #3 does not prevent the
>>>> published attack.
>>>
>>> It does if the random fluff is inserted by the CA. The
>>> attack depends on their ability to predict the entire TBS part.
>>
>> I may have misunderstood the paper, but I think that changes
>> after the subjectPublicKeyInfo do not affect the attack.
>
> Almost correct. A random looking "collision block" has to be inserted
> somewhere. We chose to insert it in the public key, as that seems
> the most convenient. Somebody else may find another place where
> it can be hidden (maybe in a "subject key identifier" field or something,
> I don't know what would be feasible).
> Everything after the "collision
> block" must be copied bitwise into the twin certificate, and must be
> 'harmless' there. If 'random fluff' is inserted by the CA after the
> "collision block", this 'random fluff' can be copied into the twin
> certificate as well, retaining the collision property, and this
> would indeed be irrelevant to our attack.

If you inserted a random looking collision block in the public key, how did your signature on the PKCS#10 request verify?

>
>
>>> Also, I've updated today and all the "bad" CAs with MD5
>>> signatures are still in the TAS.
>>
>> As was pointed out to me earlier: it does not matter if the
>> CA has its cert signed with MD5, only whether that CA *signs*
>> with MD5. RapidSSL, for example, is still signed with MD5 but
>> is now signing with SHA-1.
>
> Correct.

Sure, but the other authorities that signed with MD5 (no idea if they've changed their evil ways) are still there.

From owner-ietf-smime@mail.imc.org Mon Jan 5 01:00:20 2009
From: Yoav Nir
To: "B.M.M. de Weger"
Cc: Paul Hoffman, ietf-pkix@imc.org, ietf-smime@imc.org, cfrg@irtf.org, saag@ietf.org
Subject: Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate
Date: Mon, 5 Jan 2009 09:46:21 +0200
In-Reply-To: <61150136-EAAD-4609-8AAC-22D57372359F@checkpoint.com>

Oh, OK. I got it now. Eek.

On Jan 5, 2009, at 9:37 AM, Yoav Nir wrote:

> OK. Now I'm a lot confused :-)
>
> On Jan 5, 2009, at 12:02 AM, Weger, B.M.M. de wrote:
>
>> Hi Paul,
>>
>>>>> Just to repeat it one more time: #3 does not prevent the
>>>>> published attack.
>>>>
>>>> It does if the random fluff is inserted by the CA. The
>>>> attack depends on their ability to predict the entire TBS part.
>>>
>>> I may have misunderstood the paper, but I think that changes
>>> after the subjectPublicKeyInfo do not affect the attack.
>>
>> Almost correct. A random looking "collision block" has to be inserted
>> somewhere. We chose to insert it in the public key, as that seems
>> the most convenient. Somebody else may find another place where
>> it can be hidden (maybe in a "subject key identifier" field or something,
>> I don't know what would be feasible). Everything after the "collision
>> block" must be copied bitwise into the twin certificate, and must be
>> 'harmless' there. If 'random fluff' is inserted by the CA after the
>> "collision block", this 'random fluff' can be copied into the twin
>> certificate as well, retaining the collision property, and this
>> would indeed be irrelevant to our attack.
>
> If you inserted a random looking collision block in the public key,
> how did your signature on the PKCS#10 request verify?
>
>>
>>
>>>> Also, I've updated today and all the "bad" CAs with MD5
>>>> signatures are still in the TAS.
>>>
>>> As was pointed out to me earlier: it does not matter if the
>>> CA has its cert signed with MD5, only whether that CA *signs*
>>> with MD5. RapidSSL, for example, is still signed with MD5 but
>>> is now signing with SHA-1.
>>
>> Correct.
>
> Sure, but the other authorities that signed with MD5 (no idea if
> they've changed their evil ways) are still there.
>

From owner-ietf-smime@mail.imc.org Mon Jan 5 05:48:01 2009
From: RJ Atkinson
To: der Mouse
Cc: "ietf-pkix@imc.org", "ietf-smime@imc.org", "cfrg@irtf.org", "saag@ietf.org"
Subject: Re: [saag] Further MD5 breaks: Creating a rogue CA certificate
Date: Mon, 05 Jan 2009 08:26:52 -0500
In-reply-to: <200901051006.FAA20784@Sparkle.Rodents-Montreal.ORG>

On 5 Jan 2009, at 04:57, der Mouse wrote:
> What I, as an amateur, take away from it is approximately "MD5 is
> showing more and more cracks and nobody should use it for anything that
> needs to withstand a malicious adversary".

Within the CA world, many folks here seem to agree.

However, the usage in CAs is rather different from some other modes of operation (e.g. Keyed-Hash, HMAC-Hash).

So far, there are no known attacks on those other modes of operation. [If someone knows of a refereed paper that's been published on those latter topics, please share a citation here.]

> These may be the best openly published breaks of MD5 at the moment,

Mind, there are published "serious attacks" [using NIST's words from their web site] against SHA-0 and SHA-1 also. Timothy Miller seemed to suggest in recent email that perhaps the PKIX WG might enhance the CA structure to increase attack resistance in an algorithm-independent way.

Now, may I suggest that folks please LOOK AT and possibly REDUCE/EDIT the CC line as they reply to this thread going forward. Items that are PKIX specific likely belong only on the PKIX list. Ditto for SMIME specific issues to the SMIME list. That would leave only generic comments for the SAAG list.

Cheers,

Ran

From owner-ietf-smime@mail.imc.org Mon Jan 5 06:32:16 2009
From: "Timothy J. Miller"
To: Ben Laurie
CC: Santosh Chokhani, Paul Hoffman, "cfrg@irtf.org", "ietf-smime@imc.org", "saag@ietf.org", "ietf-pkix@imc.org", "mike-list@pobox.com"
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate
Date: Mon, 5 Jan 2009 08:10:49 -0600
Message-ID: <496214E9.6010902@mitre.org>
In-Reply-To: <495D1C0A.2080105@links.org>
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms030202050805090401080206"

--------------ms030202050805090401080206
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Ben Laurie wrote:
> I am not suggesting that we should fix X.509, I am pointing out, in my
> own roundabout way, that X.509 certs are supposed to have a canonical
> form. But it seems they do not.

That was last month's major discussion on PKIX. The upshot: there's no canonical form other than what's in memory.
-- Tim

--------------ms030202050805090401080206
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

--------------ms030202050805090401080206--

From owner-ietf-smime@mail.imc.org Mon Jan 5 06:55:31 2009
From: "Timothy J. Miller"
To: Yoav Nir
CC: Robert Moskowitz, Peter Hesse, "ietf-pkix@imc.org", "'Mike'", "cfrg@irtf.org", "saag@ietf.org", "ietf-smime@imc.org"
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate
Date: Mon, 5 Jan 2009 08:40:20 -0600
Message-ID: <49621BD4.1020909@mitre.org>
In-Reply-To: <230CAA22-D118-4F29-9DC8-32FDCD7D771E@checkpoint.com>
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms070001040001010905020508"

--------------ms070001040001010905020508
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Yoav Nir wrote:
>> This sounds great at an IETF mike, but out in the field how do you
>> get all those millions of browsers to pull down a new trust list
>> that will no longer include CA foobar?
>> Can't happen now, and the way things are going, ain't going to
>> happen before 2026 either.
> There's this one company such that if they use Windows update to
> update their browsers, the others will follow. Technically, it's very
> easy to get rid of the bad CAs. However, that company is not going to
> modify their browsers, not now, probably not in the next few years.

I hate to burst your bubble, but there's no automated way to *remove* certs from the MS cert store. You have to script it, and the script can fail any number of different ways.

The only reliable way to nuke a trusted cert from Windows is touch management of workstations.
-- Tim --------------ms070001040001010905020508 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIKvjCC A2cwggJPoAMCAQICAh8FMA0GCSqGSIb3DQEBBQUAMF0xEjAQBgNVBAoTCW1pdHJlLm9yZzEe MBwGA1UECxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MScwJQYDVQQDEx5NSVRSRSBDb3Jwb3Jh dGlvbiBQcmltYXJ5IENBLTEwHhcNMDgwODIxMTUzMTI5WhcNMTAwMjEyMTUzMTI5WjBaMRIw EAYDVQQKEwltaXRyZS5vcmcxDzANBgNVBAsTBnBlb3BsZTEXMBUGCgmSJomT8ixkAQETB3Rt aWxsZXIxGjAYBgNVBAMTEU1pbGxlciBUaW1vdGh5IEouMIGfMA0GCSqGSIb3DQEBAQUAA4GN ADCBiQKBgQCTxM+z5fDKvmBInGatv0DkVwuOxd69S2M2jho8QkOltYJK/4JUm9uK0UtQZkyI bEjmCpmXLw17iMCgA0SjwuUfJxdF8ntTys8keyMjRdlKSwFnkgZl9tL7o060LBtZQYzI5ajr W9k3N768G/k1bZS5UYiMGHU5+Ygl4IwVhmQv3wIDAQABo4G3MIG0MA4GA1UdDwEB/wQEAwIF 4DAdBgNVHQ4EFgQUSXARqmj5Bl2Lz7RLoUIkuOHl0MkwHwYDVR0jBBgwFoAUh7QPSI1iM0LB LVEaSB7CnrsKsa0wRAYDVR0fBD0wOzA5oDegNYYzaHR0cDovL3d3dy5taXRyZS5vcmcvdGVj aC9taWkvcGtpL2NhMV9taXRyZV9vcmcuY3JsMBwGA1UdEQQVMBOBEXRtaWxsZXJAbWl0cmUu b3JnMA0GCSqGSIb3DQEBBQUAA4IBAQAbA1PH/hed/rryO1f0yfTRJnD/vL1rFTduUut/irL7 FSXHGybuPHxydfyGPvJ4qj+T8hs1W0jTa2zQnaPR52tms3hefl76CNVP9vJoVmaM9svFX4DX 6eJh/4SAI81tAuBIK8gxsWd1Va/Bnnh1/wsZLc8w2jkojVqkT2AHPaHS3DBKX7QAWovXVSxY QlqMIH4zvSNSVfpvpIf0MWJWRBPvgerVSbJsA4dz6ziKvXDWySTV9zwSuNjikNqL//nIKwjb r3ZOfSUOxSuhW58an2Ha4TdORvG4dGJEsMzxbpTB+wt/s6tK6roONV4uiDtODBNVAG+XGofe McsS0b7iXdxDMIIDZzCCAk+gAwIBAgICHwUwDQYJKoZIhvcNAQEFBQAwXTESMBAGA1UEChMJ bWl0cmUub3JnMR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxJzAlBgNVBAMTHk1J VFJFIENvcnBvcmF0aW9uIFByaW1hcnkgQ0EtMTAeFw0wODA4MjExNTMxMjlaFw0xMDAyMTIx NTMxMjlaMFoxEjAQBgNVBAoTCW1pdHJlLm9yZzEPMA0GA1UECxMGcGVvcGxlMRcwFQYKCZIm iZPyLGQBARMHdG1pbGxlcjEaMBgGA1UEAxMRTWlsbGVyIFRpbW90aHkgSi4wgZ8wDQYJKoZI hvcNAQEBBQADgY0AMIGJAoGBAJPEz7Pl8Mq+YEicZq2/QORXC47F3r1LYzaOGjxCQ6W1gkr/ 
glSb24rRS1BmTIhsSOYKmZcvDXuIwKADRKPC5R8nF0Xye1PKzyR7IyNF2UpLAWeSBmX20vuj TrQsG1lBjMjlqOtb2Tc3vrwb+TVtlLlRiIwYdTn5iCXgjBWGZC/fAgMBAAGjgbcwgbQwDgYD VR0PAQH/BAQDAgXgMB0GA1UdDgQWBBRJcBGqaPkGXYvPtEuhQiS44eXQyTAfBgNVHSMEGDAW gBSHtA9IjWIzQsEtURpIHsKeuwqxrTBEBgNVHR8EPTA7MDmgN6A1hjNodHRwOi8vd3d3Lm1p dHJlLm9yZy90ZWNoL21paS9wa2kvY2ExX21pdHJlX29yZy5jcmwwHAYDVR0RBBUwE4ERdG1p bGxlckBtaXRyZS5vcmcwDQYJKoZIhvcNAQEFBQADggEBABsDU8f+F53+uvI7V/TJ9NEmcP+8 vWsVN25S63+KsvsVJccbJu48fHJ1/IY+8niqP5PyGzVbSNNrbNCdo9Hna2azeF5+XvoI1U/2 8mhWZoz2y8VfgNfp4mH/hIAjzW0C4EgryDGxZ3VVr8GeeHX/CxktzzDaOSiNWqRPYAc9odLc MEpftABai9dVLFhCWowgfjO9I1JV+m+kh/QxYlZEE++B6tVJsmwDh3PrOIq9cNbJJNX3PBK4 2OKQ2ov/+cgrCNuvdk59JQ7FK6FbnxqfYdrhN05G8bh0YkSwzPFulMH7C3+zq0rqug41Xi6I O04ME1UAb5cah94xyxLRvuJd3EMwggPkMIICzKADAgECAgEFMA0GCSqGSIb3DQEBBQUAMFox EjAQBgNVBAoTCW1pdHJlLm9yZzEeMBwGA1UECxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MSQw IgYDVQQDExtNSVRSRSBDb3Jwb3JhdGlvbiBSb290IENBLTEwHhcNMDYwNjAzMTcxMzIyWhcN MTIwNjAzMTcxMzIyWjBdMRIwEAYDVQQKEwltaXRyZS5vcmcxHjAcBgNVBAsTFUNlcnRpZmlj YXRlIEF1dGhvcml0eTEnMCUGA1UEAxMeTUlUUkUgQ29ycG9yYXRpb24gUHJpbWFyeSBDQS0x MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyPB7Vl0QgqgQt0u8Q2duRs7eZUPn hlflKPFPMXGG+iqGpImYs6nfbFPsn0q8FqklFsm/UEV2JJQ3c7Srwfrqe9CrCbVFh761OxZI 7fnUWiUasNP2ING19aAfrQ8IoJsAEtGzHeIacS+M5CN4C0yfUC6CpBZTc9ZldjLUatvJr407 K1i+7WnrRsMVKhICfgmiO/XiVR9YeXyzeRqFrLy6YtJCJuJd0QRfwKtKRpek5oU67Izr7ClH DtPJs7UOTjMYBS2fTzztC+wwOTp6+A3ZbEymuQcAZRwmGkjVBe2R8MiX26R02Iigz+903ZAL /6bpvx0DnkrlR2UFr1KBGfBqmQIDAQABo4GxMIGuMBIGA1UdEwEB/wQIMAYBAf8CAQIwDgYD VR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSHtA9IjWIzQsEtURpIHsKeuwqxrTAfBgNVHSMEGDAW gBTHcFEA2E3+5AHUaJbFPZ+al/50LzBIBgNVHR8EQTA/MD2gO6A5hjdodHRwOi8vd3d3Lm1p dHJlLm9yZy90ZWNoL21paS9wa2kvcm9vdGNhMV9taXRyZV9vcmcuY3JsMA0GCSqGSIb3DQEB BQUAA4IBAQBNbm7rrins3SICPbteX9qSN1+RJClqix/pw3IAe7u60LK0V9jVZ9E2a+c0MZiS ojdcwU5rXxI2OI2wwIf6wVBo76jIOc+IiQRlC+V8YatGmoibqP/8WDPzlud/WQAzkjrU2nuh 8KdyJG+n1kH/6772Lbra2CIk8mu8FypeaB5P2uIJzdE+PGo82ZiyU680ukiJ9yF6UmEXuciB 
77tGQBRxMl6ePzIrArQnf48SmBhFD5XYLraueOiG7E+AzD99ig1M6WHcxWXtp3DIrVqE/DZr 146NJaCWqg9NoE14cmpEllnpWLtLnn5UBYJ+QCozmbe1SJXOOynZ0VxMnGdh7NqgMYICqDCC AqQCAQEwYzBdMRIwEAYDVQQKEwltaXRyZS5vcmcxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1 dGhvcml0eTEnMCUGA1UEAxMeTUlUUkUgQ29ycG9yYXRpb24gUHJpbWFyeSBDQS0xAgIfBTAJ BgUrDgMCGgUAoIIBmzAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEP Fw0wOTAxMDUxNDQwMjBaMCMGCSqGSIb3DQEJBDEWBBQSPC3dPpk05tig2GinEiQq/mA0sDBS BgkqhkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0D AgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDByBgkrBgEEAYI3EAQxZTBjMF0xEjAQBgNV BAoTCW1pdHJlLm9yZzEeMBwGA1UECxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MScwJQYDVQQD Ex5NSVRSRSBDb3Jwb3JhdGlvbiBQcmltYXJ5IENBLTECAh8FMHQGCyqGSIb3DQEJEAILMWWg YzBdMRIwEAYDVQQKEwltaXRyZS5vcmcxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0 eTEnMCUGA1UEAxMeTUlUUkUgQ29ycG9yYXRpb24gUHJpbWFyeSBDQS0xAgIfBTANBgkqhkiG 9w0BAQEFAASBgCWU5pWSQ26W1GWOS1O6u2maERpV1SaNQz8CO2ZgJOiaEVaMd+PWQW5X085o VdD79oEPRc7V/Ow7Ti/y160IXe2663qiEpPLRmHwUBBu65OLBPI7cOE7l88IP6qyat8ct7XX /Jy6tYLuFBDyyiCYutOesjuQK8B5J8QZhwLlDonwAAAAAAAA --------------ms070001040001010905020508-- From owner-ietf-smime@mail.imc.org Mon Jan 5 10:31:54 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 73B783A680C for ; Mon, 5 Jan 2009 10:31:54 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.524 X-Spam-Level: X-Spam-Status: No, score=-6.524 tagged_above=-999 required=5 tests=[AWL=0.075, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yicWsso3E26O for ; Mon, 5 Jan 2009 10:31:53 -0800 (PST) Received: from balder-227.proper.com (properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id BD3393A69BD 
for ; Mon, 5 Jan 2009 10:31:52 -0800 (PST) Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n05IFVK4027133 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 5 Jan 2009 11:15:31 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n05IFV7f027132; Mon, 5 Jan 2009 11:15:31 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from sj-iport-6.cisco.com (sj-iport-6.cisco.com [171.71.176.117]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n05IFT9q027107 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=FAIL); Mon, 5 Jan 2009 11:15:30 -0700 (MST) (envelope-from mcgrew@cisco.com) X-IronPort-AV: E=Sophos;i="4.36,332,1228089600"; d="p7s'?scan'208";a="224066225" Received: from sj-dkim-1.cisco.com ([171.71.179.21]) by sj-iport-6.cisco.com with ESMTP; 05 Jan 2009 18:15:29 +0000 Received: from sj-core-1.cisco.com (sj-core-1.cisco.com [171.71.177.237]) by sj-dkim-1.cisco.com (8.12.11/8.12.11) with ESMTP id n05IFTwg004793; Mon, 5 Jan 2009 10:15:29 -0800 Received: from xbh-sjc-221.amer.cisco.com (xbh-sjc-221.cisco.com [128.107.191.63]) by sj-core-1.cisco.com (8.13.8/8.13.8) with ESMTP id n05IFTt1024062; Mon, 5 Jan 2009 18:15:29 GMT Received: from xfe-sjc-212.amer.cisco.com ([171.70.151.187]) by xbh-sjc-221.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 5 Jan 2009 10:15:29 -0800 Received: from stealth-10-32-254-212.cisco.com ([10.32.254.212]) by xfe-sjc-212.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 5 Jan 2009 10:15:28 -0800 Cc: ietf-pkix@imc.org, ietf-smime@imc.org, cfrg@irtf.org, saag@ietf.org Message-Id: <5F8E31B0-CD96-4ED1-83FD-883F0AD78657@cisco.com> From: David McGrew To: RJ Atkinson In-Reply-To: Content-Type: multipart/signed; 
boundary=Apple-Mail-28--530943312; micalg=sha1; protocol="application/pkcs7-signature" Mime-Version: 1.0 (Apple Message framework v929.2) Subject: attacks on keyed-hash constructions [was: Re: [cfrg] Further MD5 breaks: Creating a rogue CA certificate] Date: Mon, 5 Jan 2009 10:15:26 -0800 References: <200812301605.mBUG5cKU027325@raisinbran.srv.cs.cmu.edu> <9535147E88DA266C69B983D0@atlantis.pc.cs.cmu.edu> <200901051006.FAA20784@Sparkle.Rodents-Montreal.ORG> X-Mailer: Apple Mail (2.929.2) X-OriginalArrivalTime: 05 Jan 2009 18:15:28.0611 (UTC) FILETIME=[969C5B30:01C96F61] DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=5059; t=1231179329; x=1232043329; c=relaxed/simple; s=sjdkim1004; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=mcgrew@cisco.com; z=From:=20David=20McGrew=20 |Subject:=20attacks=20on=20keyed-hash=20constructions=20[wa s=3A=20Re=3A=20[cfrg]=20Further=20MD5=20breaks=3A=20Creating =20a=20rogue=20CA=20certificate] |Sender:=20; bh=qPhI4WZyZUZj1QJj+mjGuOCPBHDq0ZmCR0YsJEtfVis=; b=jLe9CpwfbLw6qFZiLttqNAHMr3IckcKvlUyuj0O3RSjvj7W+2q0K8ZOsfm i6/sXhyWMPuxWIseEY7CbLm4+1NyhFHB4TZ6C3+eFDZ0FC/ZJ4VwuHnPi5uv rtI8RjGvfhStRo0a+jdc5Ydow8QC76wKUkpfpqtbas/QDxwbVTXZI=; Authentication-Results: sj-dkim-1; header.From=mcgrew@cisco.com; dkim=pass ( sig from cisco.com/sjdkim1004 verified; ); Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe:

--Apple-Mail-28--530943312 Content-Type: text/plain; charset=WINDOWS-1252; format=flowed; delsp=yes Content-Transfer-Encoding: quoted-printable

Hi Ran,

On Jan 5, 2009, at 5:26 AM, RJ Atkinson wrote:

>
> On 5 Jan 2009, at 04:57, der Mouse wrote:
>> What I, as an amateur, take away from it is approximately "MD5 is
>> showing more and more cracks and nobody should use it for anything that
>> needs to withstand a malicious adversary".
>
> Within the CA world, many folks here seem to agree.
>
> However, the usage in CAs is rather different from
> some other modes of operation (e.g. Keyed-Hash, HMAC-Hash).
>
> So far, there are no known attacks on those other modes of operation.
> [If someone knows of a refereed paper that's been published
> on those latter topics, please share a citation here.]

I'm not sure what you mean by keyed-hash, but here are some attacks that might be relevant.

[1] B. Preneel and P. van Oorschot, “MD-x MAC and building fast MACs from hash functions,” Advances in Cryptology – Crypto 95 Proceedings, Lecture Notes in Computer Science Vol. 963, D. Coppersmith ed., Springer-Verlag, 1995.

[2] B. Preneel and P. van Oorschot, “On the security of two MAC algorithms,” Advances in Cryptology – Eurocrypt 96 Proceedings, Lecture Notes in Computer Science Vol. ??, U. Maurer ed., Springer-Verlag, 1996.

RFC 2385 uses the method broken in Section 4.2 of [1].

HMAC seems to be secure given some reasonable assumptions about the hash functions (namely, that the underlying hash has a compression function that is a PRF - no collision resistance is required); see http://eprint.iacr.org/2006/043

>
>
>> These may be the best openly published breaks of MD5 at the moment,
>
> Mind, there are published "serious attacks" [using NIST's words
> from their web site] against SHA-0 and SHA-1 also. Timothy
> Miller seemed to suggest in recent email that perhaps the PKIX WG
> might enhance the CA structure to increase attack resistance in an
> algorithm-independent way.
>
> Now, may I suggest that folks please LOOK AT and possibly
> REDUCE/EDIT the CC line as they reply to this thread going forward.
> Items that are PKIX specific likely belong only on the PKIX
> list. Ditto for SMIME specific issues to the SMIME list.
> That would leave only generic comments for the SAAG list.
>

Done.

David

--Apple-Mail-28--530943312 Content-Disposition: attachment; filename=smime.p7s Content-Type: application/pkcs7-signature; name=smime.p7s Content-Transfer-Encoding: base64

--Apple-Mail-28--530943312--

From owner-ietf-smime@mail.imc.org Mon Jan 5 13:42:41 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C3F5928C0D8 for ; Mon, 5 Jan 2009 13:42:41 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.606 X-Spam-Level: X-Spam-Status: No, score=-6.606 tagged_above=-999 required=5 tests=[AWL=-0.007, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fhswOAV9Pzpg for ; Mon, 5 Jan 2009 13:42:40 -0800 (PST) Received: from balder-227.proper.com (properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id CEEDA3A6903 for ; Mon, 5 Jan 2009 13:42:39 -0800 (PST) Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n05LP2J2054069 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 5 Jan 2009 14:25:03 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n05LP2lC054068; Mon, 5 Jan 2009 14:25:02 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f
Received: from smtp.nist.gov (rimp2.nist.gov [129.6.16.227]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n05LP0ml054056 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Mon, 5 Jan 2009 14:25:01 -0700 (MST) (envelope-from tim.polk@nist.gov) Received: from [192.168.15.166] (bethany.ncsl.nist.gov [129.6.52.15]) by smtp.nist.gov (8.13.1/8.13.1) with ESMTP id n05LOsIc030165; Mon, 5 Jan 2009 16:24:54 -0500 Mime-Version: 1.0 (Apple Message framework v753.1) Content-Type: text/plain; charset=WINDOWS-1252; delsp=yes; format=flowed Message-Id: Content-Transfer-Encoding: quoted-printable From: Tim Polk Subject: 3850bis and 3851bis: proposed changes to cryptographic key sizes Date: Mon, 5 Jan 2009 16:24:56 -0500 To: S-MIME / IETF X-Mailer: Apple Mail (2.753.1) X-NIST-MailScanner: Found to be clean X-NIST-MailScanner-From: tim.polk@nist.gov Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe:

Folks,

3850bis and 3851bis are tentatively scheduled for discussion on this week's IESG telechat (Thursday, January 8). Those that read the IETF Last Call email or subscribe to the saag or cfrg mailing lists already know that I have concerns about the cryptographic key sizes specified in these documents (especially the mandate to support 512 bit RSA in 3850bis). While the IETF Last Call was largely silent on this issue, the saag and cfrg feedback indicate that the mandatory to implements should not include cryptography weaker than 1024 bit RSA, but that the interoperability concerns should be clearly specified.

I have had some private discussions with one of the authors (Sean), and we have collaborated on some language that would reflect that discussion. However, I understand that this was a sensitive and somewhat controversial topic on the working group list. I would like the working group to review the proposed RFC Editor Notes for 3850bis and 3851bis, and confirm that these changes are acceptable given the feedback received from the wider Internet community. That is, please consider whether the proposed new text addresses the working group's concerns given that the minimum strength of the mandatory to implements need to be raised.

Early feedback would be appreciated!

Thanks,

Tim Polk

--------------------

RFC Editor Note for draft-ietf-smime-3850bis

(1) In Section 4.2., Certificate and CRL Signing Algorithms and Key Sizes, please make the following substitution:

OLD:

The following are the RSA key size requirements for S/MIME receiving agents during certificate and CRL signature verification:

       0 <  key size <  512  : MAY  (see Section 6)
     512 <= key size <= 4096 : MUST (see Section 6)
    4096 <  key size         : MAY  (see Section 6)

The following are the DSA key size requirements for S/MIME receiving agents during certificate and CRL signature verification:

     512 <= key size <= 1023 : MAY     (see Section 6)
    1024 =  key size         : SHOULD- (see Section 6)

NEW:

The following are the RSA key size requirements for S/MIME receiving agents during certificate and CRL signature verification:

            key size <= 1023 : MAY  (see Section 6)
    1024 <= key size <= 4096 : MUST (see Section 6)
    4096 <  key size         : MAY  (see Section 6)

The following are the DSA key size requirements for S/MIME receiving agents during certificate and CRL signature verification:

            key size <= 1023 : MAY     (see Section 6)
    1024 =  key size         : SHOULD- (see Section 6)

(2) In Section 6 Security Considerations, please make the following substitution:

OLD:

The 4096-bit RSA key size requirement for certificate and CRL verification is larger than the 2048-bit RSA key sizes for message signature generation/verification or message encryption/decryption in [SMIME-MSG] because many Root CAs included in certificate stores have already issued Root certificates with 4096-bit key. The standard that defines comparable key sizes for DSA is not yet available. In particular, [FIPS186-2] without Change Notice 1 allowed DSA key sizes between 512 and 1024 bits and [FIPS186-2] with Change Notice 1 only allowed DSA key sizes of 1024 bits. A revision to support larger key sizes is being developed, and once it is available, implementors ought to support DSA key sizes comparable to the RSA key sizes recommended in this specification.

Today, 512-bit RSA and DSA keys are considered by many experts to be cryptographically insecure.

NEW:

The 4096-bit RSA key size requirement for certificate and CRL verification is larger than the 2048-bit RSA key sizes for message signature generation/verification or message encryption/decryption in [SMIME-MSG] because many Root CAs included in certificate stores have already issued Root certificates with 4096-bit key. The standard that defines comparable key sizes for DSA is not yet available. In particular, [FIPS186-2] without Change Notice 1 allowed DSA key sizes between 512 and 1024 bits and [FIPS186-2] with Change Notice 1 only allowed DSA key sizes of 1024 bits. A revision to support larger key sizes is being developed, and once it is available, implementors ought to support DSA key sizes comparable to the RSA key sizes recommended in this specification. Further, 4096-bit keys are normally only used by Root certificates and not by subordinate CA certificates; thereby, lengthening the Root CA certificate’s validity period.

RSA and DSA keys of less than 1024 bits are now considered by many experts to be cryptographically insecure (due to advances in computing power), and should no longer be used to sign certificates or CRLs. Such keys were previously considered secure, so processing previously received signed and encrypted mail may require processing certificates or CRLs signed with weak keys. Implementations that wish to support previous versions of S/MIME or process old messages need to consider the security risks that result from accepting certificates and CRLs with smaller key sizes (e.g., spoofed certificates) versus the costs of denial of service. If an implementation supports verification of certificates or CRLs generated with RSA and DSA keys of less than 1024 bits, it MUST warn the user. Implementers should consider providing a stronger warning for weak signatures on certificates and CRLs associated with newly received messages than the one provided for certificates and CRLs associated with previously stored messages. Server implementations (e.g., secure mail list servers) where user warnings are not appropriate SHOULD reject messages with weak cryptography.

--- end of RFC Editor Note for draft-ietf-smime-3850bis ---

RFC Editor Note for draft-ietf-smime-3851bis

(1) In Section 4.2 Signature Generation, please make the following substitution:

From:

The following are the requirements for an S/MIME agent generated RSA signatures:

     512 <= key size <  1024 : MAY    (see Security Considerations)
    1024 <= key size <= 2048 : SHOULD (see Security Considerations)
    2048 <  key size         : MAY    (see Security Considerations)

The following are the requirements for an S/MIME agent generated DSA signatures:

     512 <= key size <= 1023 : MAY     (see Security Considerations)
    1024 =  key size         : SHOULD- (see Security Considerations)

To:

The following are the requirements for an S/MIME agent generated RSA signatures:

            key size <= 1023 : MAY    (see Security Considerations)
    1024 <= key size <= 2048 : SHOULD (see Security Considerations)
    2048 <  key size         : MAY    (see Security Considerations)

The following are the requirements for an S/MIME agent generated DSA signatures:

            key size <= 1023 : MAY     (see Security Considerations)
    1024 =  key size         : SHOULD- (see Security Considerations)

(2) In Section 4.3 Signature Verification, please make the following substitution:

OLD:

The following are the requirements for S/MIME receiving agents during signature verification of RSA signatures:

     512 <= key size <= 2048 : MUST (see Security Considerations)
    2048 <  key size         : MAY  (see Security Considerations)

The following are the requirements for S/MIME receiving agents during signature verification of DSA signatures:

     512 <= key size <= 1023 : MAY     (see Security Considerations)
    1024 =  key size         : SHOULD- (see Security Considerations)

NEW:

The following are the requirements for S/MIME receiving agents during signature verification of RSA signatures:

            key size <= 1023 : MAY  (see Security Considerations)
    1024 <= key size <= 2048 : MUST (see Security Considerations)
    2048 <  key size         : MAY  (see Security Considerations)

The following are the requirements for S/MIME receiving agents during signature verification of DSA signatures:

            key size <= 1023 : MAY     (see Security Considerations)
    1024 =  key size         : SHOULD- (see Security Considerations)

(3) In Section 6 Security Considerations, please make the following substitution:

OLD:

Today, 512-bit RSA and DSA keys are considered by many experts to be cryptographically insecure.

Using weak cryptography in S/MIME offers little actual security over sending plaintext. However, other features of S/MIME, such as the specification of AES and the ability to announce stronger cryptographic capabilities to parties with whom you communicate, allow senders to create messages that use strong encryption. Using weak cryptography is never recommended unless the only alternative is no cryptography. When feasible, sending and receiving agents SHOULD inform senders and recipients of the relative cryptographic strength of messages.

NEW:

Using weak cryptography in S/MIME offers little actual security over sending plaintext. However, other features of S/MIME, such as the specification of AES and the ability to announce stronger cryptographic capabilities to parties with whom you communicate, allow senders to create messages that use strong encryption. Using weak cryptography is never recommended unless the only alternative is no cryptography.

RSA and DSA keys of less than 1024 bits are now considered by many experts to be cryptographically insecure (due to advances in computing power), and should no longer be used to protect messages. Such keys were previously considered secure, so processing previously received signed and encrypted mail will often result in the use of weak keys. Implementations that wish to support previous versions of S/MIME or process old messages need to consider the security risks that result from smaller key sizes (e.g., spoofed messages) versus the costs of denial of service. If an implementation supports verification of digital signatures generated with RSA and DSA keys of less than 1024 bits, it MUST warn the user. Implementers should consider providing different warnings for newly received messages and previously stored messages. Server implementations (e.g., secure mail list servers) where user warnings are not appropriate SHOULD reject messages with weak signatures.

--- end of RFC Editor Note for draft-ietf-smime-3851bis ---

From owner-ietf-smime@mail.imc.org Mon Jan 5 14:17:29 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DF88728C138 for ; Mon, 5 Jan 2009 14:17:29 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4dMslV44Mfyu for ; Mon, 5 Jan 2009 14:17:29 -0800 (PST) Received: from balder-227.proper.com (properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id C5C9C28C12D for ; Mon, 5 Jan 2009 14:17:28 -0800 (PST) Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n05M5TmH055557 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 5 Jan 2009 15:05:29 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id
n05M5TM3055556; Mon, 5 Jan 2009 15:05:29 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from [10.20.30.158] (sn81.proper.com [75.101.18.81]) (authenticated bits=0) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n05M5QDS055544 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 5 Jan 2009 15:05:27 -0700 (MST) (envelope-from phoffman@imc.org) Mime-Version: 1.0 Message-Id: In-Reply-To: References: Date: Mon, 5 Jan 2009 14:05:24 -0800 To: Tim Polk , S-MIME / IETF From: Paul Hoffman Subject: Re: 3850bis and 3851bis: proposed changes to cryptographic key sizes Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe:

At 4:24 PM -0500 1/5/09, Tim Polk wrote:
>I have had some private discussions with one of the authors (Sean), and we have collaborated on some language that would reflect that discussion. However, I understand that this was a sensitive and somewhat controversial topic on the working group list. I would like the working group to review the proposed RFC Editor Notes for 3850bis and 3851bis, and confirm that these changes are acceptable given the feedback received from the wider Internet community. That is, please consider whether the proposed new text addresses the working group's concerns given that the minimum strength of the mandatory to implements need to be raised.

The new ranges and new text work for me.

What does *not* work for me is this being done as an RFC Editor note. It should be done instead as a new draft before IESG consideration so the whole IETF community can see the changes. The IETF is supposed to be working on transparency, and keeping these out of the Internet Draft hurts that effort.

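The NEW RSA verification ranges and the warn-or-reject rule from the proposed RFC Editor Notes discussed in this thread, as an added example that is not part of any message here or of either draft. It assumes "key size" means the bit length of the RSA modulus; the function names, the `interactive` and `supports_optional` flags, and the sample keys (constructed moduli, not real keys) are hypothetical.

```python
# Inclusive MUST ranges from the NEW text (RSA signature verification).
MUST_RANGE = {"cert_or_crl": (1024, 4096),   # 3850bis Section 4.2
              "message": (1024, 2048)}       # 3851bis Section 4.3
WEAK_BELOW = 1024  # "keys of less than 1024 bits": warn the user or reject


def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low bits = length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length


def rsa_modulus_bits(der):
    """Key size = bit length of n in a DER RSAPublicKey ::= SEQUENCE {n, e}.

    The size is taken from the integer, not from the encoded length: a
    1023-bit modulus fills 128 bytes, so len(bytes) * 8 would report 1024
    and hide a key that the new text treats as weak.
    """
    tag, body, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag, n_bytes, _ = _read_tlv(body, 0)
    if tag != 0x02 or not n_bytes or n_bytes[0] & 0x80:
        raise ValueError("expected a positive INTEGER modulus")
    return int.from_bytes(n_bytes, "big").bit_length()


def evaluate(bits, context, interactive=True, supports_optional=True):
    """Return (requirement level, action) for verifying with a key of `bits`.

    supports_optional: the implementation chose to implement the MAY ranges.
    interactive: a user can be warned; False models a server such as a
    secure mail list server, which SHOULD reject weak keys instead.
    """
    low, high = MUST_RANGE[context]
    level = "MUST" if low <= bits <= high else "MAY"
    if level == "MAY" and not supports_optional:
        return level, "unsupported"
    if bits < WEAK_BELOW:
        return level, ("verify-and-warn" if interactive else "reject")
    return level, "verify"


# --- constructed sample input (not real keys) -----------------------------
def _der(tag, value):
    """Encode one DER element with a short- or long-form length."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + value


def _der_int(i):
    # bit_length // 8 + 1 octets always leaves the sign bit clear
    return _der(0x02, i.to_bytes(i.bit_length() // 8 + 1, "big"))


def sample_rsa_public_key(bits):
    """DER RSAPublicKey with a constructed modulus of exactly `bits` bits."""
    n = (1 << (bits - 1)) | 1          # top and bottom bit set; not a real key
    return _der(0x30, _der_int(n) + _der_int(65537))


if __name__ == "__main__":
    for size in (512, 1023, 1024, 2048, 4096):
        bits = rsa_modulus_bits(sample_rsa_public_key(size))
        for ctx in ("cert_or_crl", "message"):
            print(bits, ctx, evaluate(bits, ctx),
                  evaluate(bits, ctx, interactive=False))
```

A 4096-bit key falls in the MUST range for certificate and CRL verification but only in the MAY range for message signatures, which is the asymmetry the Security Considerations text explains.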
From owner-ietf-smime@mail.imc.org Mon Jan 5 15:35:42 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6192F3A677E for ; Mon, 5 Jan 2009 15:35:42 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -5.757 X-Spam-Level: X-Spam-Status: No, score=-5.757 tagged_above=-999 required=5 tests=[AWL=0.289, BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, RCVD_IN_DNSWL_MED=-4] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F+YTWSP+fUdn for ; Mon, 5 Jan 2009 15:35:41 -0800 (PST) Received: from balder-227.proper.com (Balder-227.Proper.COM [192.245.12.227]) by core3.amsl.com (Postfix) with ESMTP id 957E23A63D2 for ; Mon, 5 Jan 2009 15:35:41 -0800 (PST) Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n05NJinV058422 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 5 Jan 2009 16:19:44 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n05NJiY3058420; Mon, 5 Jan 2009 16:19:44 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from jackfruit.srv.cs.cmu.edu (JACKFRUIT.SRV.CS.CMU.EDU [128.2.201.16]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n05NJWTk058399 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Mon, 5 Jan 2009 16:19:43 -0700 (MST) (envelope-from jhutz@cmu.edu) Received: from MINBAR.FAC.CS.CMU.EDU (MINBAR.FAC.CS.CMU.EDU [128.2.216.42]) (authenticated bits=0) by jackfruit.srv.cs.cmu.edu (8.13.6/8.13.6) with ESMTP id n05NJOQL025577 (version=TLSv1/SSLv3 
cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 5 Jan 2009 18:19:25 -0500 (EST) Date: Mon, 05 Jan 2009 18:19:24 -0500 From: Jeffrey Hutzelman To: Philipp Guehring , Santosh Chokhani cc: cfrg@irtf.org, ietf-smime@imc.org, saag@ietf.org, ietf-pkix@imc.org, jhutz@cmu.edu Subject: Re: [saag] Further MD5 breaks: Creating a rogue CA certificate Message-ID: <8000C8B414F892C162CFE699@minbar.fac.cs.cmu.edu> In-Reply-To: <200901050658.n056wm4K021787@toasties.srv.cs.cmu.edu> References: <200812301605.mBUG5cKU027325@raisinbran.srv.cs.cmu.edu> <9535147E88DA266C69B983D0@atlantis.pc.cs.cmu.edu> <9D2E555A-7A24-4FA7-ABF9-33F6F55AA8F2@checkpoint.com> <200901050658.n056wm4K021787@toasties.srv.cs.cmu.edu> X-Mailer: Mulberry/4.0.8 (Linux/x86) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Scanned-By: mimedefang-cmuscs on 128.2.201.16 Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe:

--On Thursday, January 01, 2009 05:01:33 AM +0100 Philipp Guehring wrote:

>> It should be noted, though, that yanking the trust anchors is not
>> enough. You really should change the relying party to not recognize
>> this algorithm. Otherwise, it's perfectly valid for a CA whose
>> certificate is signed with SHA1 to sign an intermediate CA certificate
>> with MD5 (although they usually don't do that, I hope)
>
> I also thought so, but then I realized that if we invalidate MD5
> completely, then we would also invalidate root certificates that are MD5
> self-signed, which isn't a security issue. So that would give lots of
> unnecessary false-positives.

Except that the validation process doesn't actually need to check the signature on a "root certificate", because that signature is not part of the chain.

> I would like to propose the following idea:
>
> We should define a date for expiring MD5 in certificate chains for the
> Internet. I would suggest the 1. June 2009, which is 6 months from now.

Hahahahaha!

If we all agreed, today, that this is the right approach, and the browser vendors all agreed with us, and they all managed to have updated versions available, by, say, next week... It would be after June before anyone even had the new software.

If we're going to propose that browser vendors make a software change, it should not be to remove MD5 support; it should be to allow configuration of which signature algorithms are supported, just as they allow configuration of which TLS ciphersuites are supported.

It certainly should _not_ be to generate a warning every time an MD5 signature is used. All that will do is train users to click away security warnings without reading them, which they are already quite good at.

-- Jeff

From owner-ietf-smime@mail.imc.org Mon Jan 5 17:10:25 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7AC593A68DA for ; Mon, 5 Jan 2009 17:10:25 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -103.399 X-Spam-Level: X-Spam-Status: No, score=-103.399 tagged_above=-999 required=5 tests=[AWL=3.200, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5gI0YGo550mr for ; Mon, 5 Jan 2009 17:10:19 -0800 (PST) Received: from balder-227.proper.com (properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id D71A03A63D2 for ; Mon, 5 Jan 2009 17:10:18 -0800 (PST) Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n060xoK3062805 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 5 Jan 2009 17:59:50 -0700 (MST) (envelope-from
owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n060xo5h062804; Mon, 5 Jan 2009 17:59:50 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from mail.ietf.org (mail.ietf.org [64.170.98.32]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n060xok7062795 for ; Mon, 5 Jan 2009 17:59:50 -0700 (MST) (envelope-from root@core3.amsl.com) Received: by core3.amsl.com (Postfix, from userid 0) id 0838D3A6825; Mon, 5 Jan 2009 17:00:01 -0800 (PST) From: Internet-Drafts@ietf.org To: i-d-announce@ietf.org Cc: ietf-smime@imc.org Subject: I-D ACTION:draft-ietf-smime-3278bis-05.txt Content-Type: Multipart/Mixed; Boundary="NextPart" Mime-Version: 1.0 Message-Id: <20090106010002.0838D3A6825@core3.amsl.com> Date: Mon, 5 Jan 2009 17:00:02 -0800 (PST) Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe:

--NextPart

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the S/MIME Mail Security Working Group of the IETF.

    Title     : Use of Elliptic Curve Cryptography (ECC) Algorithms in Cryptographic Message Syntax (CMS)
    Author(s) : S. Turner, D. Brown
    Filename  : draft-ietf-smime-3278bis-05.txt
    Pages     : 56
    Date      : 2009-1-5

This document describes how to use Elliptic Curve Cryptography (ECC) public-key algorithms in the Cryptographic Message Syntax (CMS). The ECC algorithms support the creation of digital signatures and the exchange of keys to encrypt or authenticate content. The definition of the algorithm processing is based on the NIST FIPS 186-3 for digital signature, NIST SP800-56A and SEC1 for key agreement, RFC 3370 and RFC 3565 for key wrap and content encryption, NIST FIPS 180-3 for message digest, SEC1 for key derivation, and RFC 2104 and RFC 4231 for message authentication code standards. This document obsoletes RFC 3278.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-smime-3278bis-05.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft.

--NextPart Content-Type: Message/External-body; name="draft-ietf-smime-3278bis-05.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <2009-1-5165634.I-D@ietf.org>

--NextPart--

From owner-ietf-smime@mail.imc.org Mon Jan 5 19:08:46 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BF4843A689D for ; Mon, 5 Jan 2009 19:08:46 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.293 X-Spam-Level: X-Spam-Status: No, score=-4.293 tagged_above=-999 required=5 tests=[AWL=1.754, BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, RCVD_IN_DNSWL_MED=-4] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sJG0mze0Bd5v for ; Mon, 5 Jan 2009 19:08:45 -0800 (PST) Received: from balder-227.proper.com (Balder-227.Proper.COM [192.245.12.227]) by core3.amsl.com (Postfix) with ESMTP id DCA513A63D2 for ; Mon, 5 Jan 2009 19:08:45 -0800 (PST) Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n062uZRp068427 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 5 Jan 2009 19:56:35 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n062uYqX068422; Mon, 5 Jan 2009 19:56:34 -0700 (MST) (envelope-from
owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from mx11.bbn.com (mx11.bbn.com [128.33.0.80]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n062uLeo068402; Mon, 5 Jan 2009 19:56:31 -0700 (MST) (envelope-from kent@bbn.com) Received: from dommiel.bbn.com ([192.1.122.15] helo=[10.16.95.209]) by mx11.bbn.com with esmtp (Exim 4.60) (envelope-from ) id 1LK26z-0000cO-DW; Mon, 05 Jan 2009 21:56:09 -0500 Mime-Version: 1.0 Message-Id: In-Reply-To: <496214E9.6010902@mitre.org> References: <495BA5E9.8040305@pobox.com> <1b587cab0901010706j6e8cd2f8pf23345660a4825a5@mail.gmail.com> <495D0100.6000200@links.org> <495D1C0A.2080105@links.org> <496214E9.6010902@mitre.org> Date: Mon, 5 Jan 2009 21:53:15 -0500 To: "Timothy J. Miller" From: Stephen Kent Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate Cc: Ben Laurie , Santosh Chokhani , Paul Hoffman , "cfrg@irtf.org" , "ietf-smime@imc.org" , "saag@ietf.org" , "ietf-pkix@imc.org" , "mike-list@pobox.com" Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe:

At 8:10 AM -0600 1/5/09, Timothy J. Miller wrote:
>Ben Laurie wrote:
>
>>I am not suggesting that we should fix X.509, I am pointing out, in my
>>own roundabout way, that X.509 certs are supposed to have a canonical
>>form. But it seems they do not.
>
>That was last month's major discussion on PKIX. The upshot: there's
>no canonical form other than what's in memory.
>
>-- Tim

Tim,

Your response is an oversimplification, in several respects.

Ben's comment was a bit ill-formed. It's not that certs in general do or do not have a canonical form, but whether a given cert has a canonical representation. If the cert has no extensions, then it does. If it has extensions, then since the top level extension syntax is a SEQUENCE, the order of extensions in that sequence (when the cert was signed) is definitive. (If that syntax had called for a SET, then DER encoding would impose an order at this level, so use of the SEQUENCE construct here makes life a bit easier.)

The context in which there is some disagreement is whether an extension needs to be DER encoded below the next level, where it is defined as an OCTET string. If one stops at the OCTET string level, then life is easy and an RP can always encode to DER upon receipt (since the base cert format IS known by all RPs and they are technically capable of encoding it in DER).

If one interprets X.509 to require DER for the lower levels of the structure of a cert extension, then a problem can arise. It was noted that a non-critical extension (which therefore ought not be rejected out of hand by an RP) might have a syntax unknown to an RP. Thus the RP needs to assume that what it received is DER encoded when computing the signature, as it has no way to recompute the DER.

Steve

From owner-ietf-smime@mail.imc.org Mon Jan 5 19:25:12 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D4F683A68E4 for ; Mon, 5 Jan 2009 19:25:12 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.608 X-Spam-Level: X-Spam-Status: No, score=-4.608 tagged_above=-999 required=5 tests=[AWL=1.438, BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, RCVD_IN_DNSWL_MED=-4] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ybcsF+UhCGp3 for ; Mon, 5 Jan 2009 19:25:11 -0800 (PST) Received: from balder-227.proper.com (Balder-227.Proper.COM [192.245.12.227]) by core3.amsl.com (Postfix) with ESMTP id 9A9C328C0E0 for ; Mon, 5 Jan 2009 19:25:10 -0800 (PST) Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n063EnT3069461 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 5 Jan 2009 20:14:49 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n063Enq8069459; Mon, 5 Jan 2009 20:14:49 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from vms046pub.verizon.net (vms046pub.verizon.net [206.46.252.46]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n063EcWn069425; Mon, 5 Jan 2009 20:14:48 -0700 (MST) (envelope-from tim.polk@nist.gov) Received: from [192.168.1.5] ([71.191.34.86]) by vms046.mailsrvcs.net (Sun Java System Messaging Server 6.2-6.01 (built Apr 3 2006)) with ESMTPA id <0KD100JG84ZXL565@vms046.mailsrvcs.net>; Mon, 05 Jan 2009 21:14:21 -0600 (CST) Date: Mon, 05 Jan 2009 22:14:22 -0500 From: Tim 
Polk Subject: Re: 3850bis and 3851bis: proposed changes to cryptographic key sizes In-reply-to: To: Paul Hoffman Cc: S-MIME / IETF Message-id: MIME-version: 1.0 (Apple Message framework v753.1) X-Mailer: Apple Mail (2.753.1) Content-type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Content-transfer-encoding: 7bit References: Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe:

On Jan 5, 2009, at 5:05 PM, Paul Hoffman wrote:

> At 4:24 PM -0500 1/5/09, Tim Polk wrote:
>> I have had some private discussions with one of the authors
>> (Sean), and we have collaborated on some language that would
>> reflect that discussion. However, I understand that this was a
>> sensitive and somewhat controversial topic on the working group
>> list. I would like the working group to review the proposed RFC
>> Editor Notes for 3850bis and 3851bis, and confirm that these
>> changes are acceptable given the feedback received from the wider
>> Internet community. That is, please consider whether the proposed
>> new text addresses the working group's concerns given that the
>> minimum strength of the mandatory to implements need to be raised.
>
> The new ranges and new text work for me.
>
> What does *not* work for me is this being done as an RFC Editor
> note. It should be done instead as a new draft before IESG
> consideration so the whole IETF community can see the changes. The
> IETF is supposed to be working on transparency, and keeping these
> out of the Internet Draft hurts that effort.

I have to agree, these changes are too substantial to be buried in an RFC Editor Note while it sits in queue. It is a nice format to frame the discussion, though.

If the working group is happy, I will ask the editors for new drafts before I request an approval announcement.
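Added example, not part of any message in this archive: Stephen Kent's point in the "Further MD5 breaks" thread above, about which bytes a relying party (RP) hashes when it checks a certificate signature, worked through on a constructed toy structure. The sample bytes, the 2.999.1 example OID, the policy names and the use of a SHA-256 digest comparison in place of real signature verification are assumptions of this sketch.

```python
import hashlib

OCTET_STRING = 0x04
CONSTRUCTED = 0x20


def read_tlv(buf, pos):
    """Parse one definite-length BER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F or first == 0x80:
        raise ValueError("high tag numbers and indefinite lengths are out of scope")
    pos += 2
    length = first
    if first & 0x80:  # long form: the next n bytes hold the length
        n = first & 0x7F
        if pos + n > len(buf):
            raise ValueError("truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length


def tlv(tag, value):
    """Emit a TLV using the minimal (DER) length encoding."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + value


def normalize(buf, into_octet_strings):
    """Re-emit every TLV with minimal lengths.

    Constructed values are always walked. OCTET STRING contents are treated as
    opaque unless into_octet_strings is set. Length minimisation is the only
    DER rule that can be applied without knowing the ASN.1 type; a real
    re-encoding of an extension body needs its syntax.
    """
    out, pos = b"", 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        if tag & CONSTRUCTED:
            value = normalize(value, into_octet_strings)
        elif tag == OCTET_STRING and into_octet_strings:
            try:
                value = normalize(value, True)
            except ValueError:
                pass  # contents are not TLV data; leave them untouched
        out += tlv(tag, value)
    return out


# Constructed sample data: a toy "to-be-signed" structure, not a real certificate.
# The extension body is valid BER but not DER (length 3 written as 81 03).
INNER_BER = bytes.fromhex("30 81 03 02 01 05")
EXTENSION = tlv(0x30, tlv(0x06, bytes.fromhex("88 37 01")) + tlv(OCTET_STRING, INNER_BER))
TBS_SIGNED = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x30, EXTENSION))
# Same content, but the outer SEQUENCE length was re-written in long form in transit.
TBS_BER_OUTER = b"\x30\x81" + bytes([len(TBS_SIGNED) - 2]) + TBS_SIGNED[2:]
# Stand-in for the signature: the digest of the bytes the signer signed.
SIGNED_DIGEST = hashlib.sha256(TBS_SIGNED).digest()


def rp_accepts(received, policy):
    """Return True if the bytes this RP policy hashes match what was signed."""
    if policy == "as_received":      # hash exactly what arrived
        candidate = received
    elif policy == "der_outer":      # re-encode the known structure, stop at OCTET STRING
        candidate = normalize(received, False)
    elif policy == "der_all":        # also re-encode inside extension bodies
        candidate = normalize(received, True)
    else:
        raise ValueError("unknown policy")
    return hashlib.sha256(candidate).digest() == SIGNED_DIGEST


if __name__ == "__main__":
    for name, data in (("signed form", TBS_SIGNED), ("BER outer", TBS_BER_OUTER)):
        for policy in ("as_received", "der_outer", "der_all"):
            print(f"{name:12} {policy:12} accepted={rp_accepts(data, policy)}")
```

Only the policy that stops at the OCTET STRING accepts both transported forms: hashing as received fails once the outer encoding is altered, and re-encoding inside the extension body changes bytes the signer actually signed.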
From owner-ietf-smime@mail.imc.org Tue Jan 6 00:57:07 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 126413A68A4 for ; Tue, 6 Jan 2009 00:57:07 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -5.699 X-Spam-Level: X-Spam-Status: No, score=-5.699 tagged_above=-999 required=5 tests=[AWL=0.900, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EI6ky0LND4YK for ; Tue, 6 Jan 2009 00:57:05 -0800 (PST) Received: from balder-227.proper.com (properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id 551D23A686D for ; Tue, 6 Jan 2009 00:57:05 -0800 (PST) Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n068iKVi085152 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 6 Jan 2009 01:44:20 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n068iKfH085149; Tue, 6 Jan 2009 01:44:20 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from mailhost.auckland.ac.nz (larry.its.auckland.ac.nz [130.216.12.34]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n068i7L1085128; Tue, 6 Jan 2009 01:44:19 -0700 (MST) (envelope-from pgut001@cs.auckland.ac.nz) Received: from localhost (localhost.localdomain [127.0.0.1]) by mailhost.auckland.ac.nz (Postfix) with ESMTP id 7CAC71A20F; Tue, 6 Jan 2009 21:44:06 +1300 (NZDT) X-Virus-Scanned: by amavisd-new at mailhost.auckland.ac.nz Received: from 
mailhost.auckland.ac.nz ([127.0.0.1]) by localhost (larry.its.auckland.ac.nz [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wXHL334utc-6; Tue, 6 Jan 2009 21:44:06 +1300 (NZDT) Received: from iris.cs.auckland.ac.nz (iris.cs.auckland.ac.nz [130.216.33.152]) by mailhost.auckland.ac.nz (Postfix) with ESMTP id 057771A202; Tue, 6 Jan 2009 21:44:00 +1300 (NZDT) Received: from wintermute01.cs.auckland.ac.nz (wintermute01.cs.auckland.ac.nz [130.216.34.38]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by iris.cs.auckland.ac.nz (Postfix) with ESMTP id 78D7D1BE4002; Tue, 6 Jan 2009 21:43:56 +1300 (NZDT) Received: from pgut001 by wintermute01.cs.auckland.ac.nz with local (Exim 4.63) (envelope-from ) id 1LK7XY-0004kA-BQ; Tue, 06 Jan 2009 21:43:56 +1300 From: pgut001@cs.auckland.ac.nz (Peter Gutmann) To: tmiller@mitre.org, ynir@checkpoint.com Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate Cc: cfrg@irtf.org, ietf-pkix@imc.org, ietf-smime@imc.org, mike-list@pobox.com, pmhesse@geminisecurity.com, rgm-sec@htt-consult.com, saag@ietf.org In-Reply-To: <49621BD4.1020909@mitre.org> Message-Id: Date: Tue, 06 Jan 2009 21:43:56 +1300 Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe:

"Timothy J. Miller" writes:

>The only reliable way to nuke a trusted cert from Windows is touch management
>of workstations.

It's worse than that, there is no reliable way to remove trusted certs from Windows. See Paul Hoffman's analysis at http://www.proper.com/root-cert-problem/.

Peter.
From owner-ietf-smime@mail.imc.org Tue Jan 6 07:25:55 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B06543A687D for ; Tue, 6 Jan 2009 07:25:55 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.58 X-Spam-Level: X-Spam-Status: No, score=-6.58 tagged_above=-999 required=5 tests=[AWL=0.019, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id muM5-1X7gWgn for ; Tue, 6 Jan 2009 07:25:54 -0800 (PST) Received: from balder-227.proper.com (properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id 405143A683A for ; Tue, 6 Jan 2009 07:25:53 -0800 (PST) Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n06E91dt004043 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 6 Jan 2009 07:09:01 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n06E918k004041; Tue, 6 Jan 2009 07:09:01 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from smtp-bedford.mitre.org (smtp-bedford.mitre.org [129.83.20.191]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n06E8iNh004015; Tue, 6 Jan 2009 07:08:54 -0700 (MST) (envelope-from tmiller@mitre.org) Received: from smtp-bedford.mitre.org (localhost.localdomain [127.0.0.1]) by smtp-bedford.mitre.org (8.13.1/8.13.1) with ESMTP id n06E8eNx012872; Tue, 6 Jan 2009 09:08:42 -0500 Received: from imchub2.MITRE.ORG (imchub2.mitre.org 
[129.83.29.74]) by smtp-bedford.mitre.org (8.13.1/8.13.1) with ESMTP id n06E8dZg012792; Tue, 6 Jan 2009 09:08:39 -0500 Received: from [129.83.200.4] (129.83.200.4) by imchub2.MITRE.ORG (129.83.29.74) with Microsoft SMTP Server (TLS) id 8.1.311.2; Tue, 6 Jan 2009 09:08:39 -0500 Message-ID: <496365C7.4040804@mitre.org> Date: Tue, 6 Jan 2009 08:08:07 -0600 From: "Timothy J. Miller" User-Agent: Thunderbird 2.0.0.19 (Windows/20081209) MIME-Version: 1.0 To: Peter Gutmann CC: "ynir@checkpoint.com" , "cfrg@irtf.org" , "ietf-pkix@imc.org" , "ietf-smime@imc.org" , "mike-list@pobox.com" , "pmhesse@geminisecurity.com" , "rgm-sec@htt-consult.com" , "saag@ietf.org" Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate References: In-Reply-To: Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms000103090206070301000309" Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe:

--------------ms000103090206070301000309
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Peter Gutmann wrote:
> "Timothy J. Miller" writes:
>
>> The only reliable way to nuke a trusted cert from Windows is touch management
>> of workstations.
>
> It's worse than that, there is no reliable way to remove trusted certs from
> Windows. See Paul Hoffman's analysis at
> http://www.proper.com/root-cert-problem/.

I've corresponded with Paul about that in the past.

Root auto-installation can be disabled, users can be blocked from installing roots in both the machine and user store (requires domain GPO, IIRC), and subjectInfoAccess chasing can be disabled (Vista "feature"). Incomplete answer for general users, yes, but it's there nonetheless.

Presumably if you're touch managing workstations for trust anchor removal you can verify that these settings are all in place.
:)

The roots that shouldn't be removed are the ones needed to boot (i.e., validate authenticode signatures). That's more than a few in XP.

-- Tim

--------------ms000103090206070301000309
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

--------------ms000103090206070301000309--
You are receiving this e-mail because you subscribed to MSN Featured Offers. Microsoft respects your privacy. If you do not wish to receive this MSN Featured Offers e-mail, please click the "Unsubscribe" link below. This will not unsubscribe you from e-mail communications from third-party advertisers that may appear in MSN Feature Offers. This shall not constitute an offer by MSN. MSN shall not be responsible or liable for the advertisers' content nor any of the goods or service advertised. Prices and item availability subject to change without notice.

C2008 Microsoft | Unsubscribe | More Newsletters | Privacy

Microsoft Corporation, One Microsoft Way, Redmond, WA 98052 From olid@alpinaturismo.com.br Wed Jan 7 01:16:23 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8B4353A6A29 for ; Wed, 7 Jan 2009 01:16:23 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -17.302 X-Spam-Level: X-Spam-Status: No, score=-17.302 tagged_above=-999 required=5 tests=[BAYES_99=3.5, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FM_DDDD_TIMES_2=1.999, GB_I_LETTER=-2, HELO_DYNAMIC_DHCP=1.398, HELO_DYNAMIC_IPADDR=2.426, HELO_EQ_CPE=0.5, HOST_EQ_CPE=0.979, HTML_IMAGE_ONLY_16=1.526, HTML_MESSAGE=0.001, HTML_SHORT_LINK_IMG_2=0.001, MIME_HTML_ONLY=1.457, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877, RCVD_IN_XBL=3.033, RDNS_DYNAMIC=0.1, SARE_UNI=0.591, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_OB_SURBL=10, URIBL_RHS_DOB=1.083, URIBL_SC_SURBL=10, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d2ulwhaSO0cV for ; Wed, 7 Jan 2009 01:16:22 -0800 (PST) Received: from cpe-75-82-176-90.socal.res.rr.com (cpe-75-82-176-90.socal.res.rr.com [75.82.176.90]) by core3.amsl.com (Postfix) with SMTP id 0013E3A6A1D for ; Wed, 7 Jan 2009 01:16:21 -0800 (PST) To: Subject: Re: Order status 66976 From: MIME-Version: 1.0 Importance: High Content-Type: text/html Message-Id: <20090107091622.0013E3A6A1D@core3.amsl.com> Date: Wed, 7 Jan 2009 01:16:21 -0800 (PST)
From owner-ietf-smime@mail.imc.org Wed Jan 7 04:32:16 2009
From: Alfred =?hp-roman8?B?SM5uZXM=?=
Message-Id: <200901071116.MAA06692@TR-Sys.de>
Subject: Re: 3850bis and 3851bis: proposed changes to cryptographic key sizes
To: tim.polk@nist.gov, ietf-smime@imc.org
Date: Wed, 7 Jan 2009 12:16:22 +0100 (MEZ)

Folks,

I agree with Paul with regard to the process (new I-D preferable).

The AD proposed changes at first glance are intended to make the
requirements *stronger* (as far as possible without relying on an
official version of FIPS PUB 186-3) without sacrificing backwards
compatibility.

Therefore, I agree with the amended Security Considerations text,
for both 3850bis and 3581 bis, and the changes proposed for receiving
agent (signature verifier) behavior -- although these now allow
small key sizes (< 512) which were not allowed by RFC 3850, and
hence this change comes a bit to surprise.

However, I really do not understand why, at the 'low end',
signature *generating* agents shall now be allowed (via 'MAY')
to generate signatures with the even worse key sizes < 512,
for both RSA and DSA.
Since already S/MIME v3.1 agents had no requirement for being
able to verify such signatures, why now adding the capability
to produce such signatures?

Finally, nits for 3851bis, in (1) / Section 4.2 :

- I suggest s!generated!generating!

- Also, for alignment with (2) / Section 4.3, it might be
  preferable to use plural: s!an S/MIME agent!S/MIME agents!

Kind regards,
  Alfred.

--
+------------------------+--------------------------------------------+
| TR-Sys Alfred Hoenes   | Alfred Hoenes Dipl.-Math., Dipl.-Phys.     |
| Gerlinger Strasse 12   | Phone: (+49)7156/9635-0, Fax: -18          |
| D-71254 Ditzingen      | E-Mail: ah@TR-Sys.de                       |
+------------------------+--------------------------------------------+
From owner-ietf-smime@mail.imc.org Wed Jan 7 21:34:58 2009
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: pgut001@cs.auckland.ac.nz, v.paz@uq.edu.au
Subject: RE: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate
Cc: cfrg@irtf.org, ietf-pkix@imc.org, ietf-smime@imc.org, saag@ietf.org, tmiller@mitre.org
In-Reply-To: <6C62167D152FAD4F91D2D6C8392D1DF005B58E85@UQEXMB1.soe.uq.edu.au>
Date: Thu, 08 Jan 2009 17:21:22 +1300

"Viviani Paz" writes:

>1- browser vendors strongly encouraging the CA organisations vulnerable to
>this problem (using MD5) to get their act together. I'd like to see the
>browser vendors giving them a cut off timeframe and remove these root certs
>from their trust lists for good.

The problem with this is that it's not going to be so easy to tell who's at
fault, the first MD5 cert may not appear until several levels down the food
chain so there's no way to tell whether a particular root ends in an MD5 cert.
And if you do remove a root because some unrelated party five steps down the
food chain uses MD5 I can see lawsuits happening...

>2- meanwhile browser vendors could issue a warning when certificates relying
>on MD5 are in use, this is simpler to be done and shame goes a long way
>sometimes. It doesn't resolve the problem, but sets things in motion.

That one would definitely work, but has the downside of penalising innocent
customers of the CA that issued the cert and not the CA that made the mess.
You'd have to convince the CA to issue free replacements for this to work,
possibly by framing the warning message in terms of the CA using unsafe
practices rather than the site itself being insecure. Even then it's a rather
indirect approach that doesn't really target the guilty party since you're
scaring the user who is supposed to exert pressure on the site which is then
supposed to pressure the CA for a fix.

(This is one of those great all-care-and-no-responsibility situations, the CAs
can pretty much screw up as much as they want but there's no real
repercussions for anyone because of the collateral damage issue. The debate
on the Mozilla forums shows this, there's all manner of knee-jerk reactions
possible to make an example of someone convenient but none of them really get
to the root of the problem).

Peter.
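[Added example, not part of the list archive and not any poster's code.] The message above notes that the first MD5-signed certificate may sit several levels below the root, and that a warning is better aimed at the CA that produced the signature than at the site. The Python sketch below walks a presented chain, reads each certificate's outer signatureAlgorithm OID, and reports every MD5 signature together with the index of the CA that made it; the DER blobs are constructed skeletons and all function names are this example's own.

```python
# Added example, not from the thread. The certificates are constructed DER
# skeletons (serial, AlgorithmIdentifier, dummy signature), not valid certs.
MD5_WITH_RSA = "1.2.840.113549.1.1.4"    # md5WithRSAEncryption
SHA1_WITH_RSA = "1.2.840.113549.1.1.5"   # sha1WithRSAEncryption


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                     # long form: low 7 bits count length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length


def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out


def decode_oid(raw):
    """Decode OBJECT IDENTIFIER contents into dotted-decimal form."""
    if not raw or raw[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, acc = [], 0
    for byte in raw:
        acc = (acc << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(acc)
            acc = 0
    first = arcs[0]
    head = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in head + arcs[1:])


def signature_algorithm(cert_der):
    """Return the OID of Certificate.signatureAlgorithm (the outer field)."""
    tag, cert, _ = read_tlv(cert_der, 0)
    fields = children(cert) if tag == 0x30 else []
    if len(fields) != 3 or fields[1][0] != 0x30:
        raise ValueError("not a Certificate SEQUENCE")
    alg = children(fields[1][1])
    if not alg or alg[0][0] != 0x06:
        raise ValueError("AlgorithmIdentifier has no OID")
    return decode_oid(alg[0][1])


def audit_chain(chain):
    """chain is leaf-first, trust anchor last. Return (cert_index, issuer_index,
    oid) for every certificate whose signature was made with MD5."""
    findings = []
    # The anchor's self-signature is skipped: the anchor is trusted by
    # configuration, not by verifying that signature.
    for i, der in enumerate(chain[:-1]):
        oid = signature_algorithm(der)
        if oid == MD5_WITH_RSA:
            findings.append((i, i + 1, oid))   # chain[i + 1] made the signature
    return findings


# --- helpers that build the constructed sample input ---
def tlv(tag, content):
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + content


def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray()
    for arc in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return bytes(out)


def skeleton_cert(sig_oid, serial):
    alg = tlv(0x30, tlv(0x06, encode_oid(sig_oid)) + tlv(0x05, b""))
    tbs = tlv(0x30, tlv(0x02, bytes([serial])) + alg)
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00" + b"\xAA" * 128))


CHAIN = [                                  # constructed: leaf first, root last
    skeleton_cert(MD5_WITH_RSA, 4),        # leaf, MD5-signed by sub-CA 2
    skeleton_cert(SHA1_WITH_RSA, 3),       # sub-CA 2
    skeleton_cert(SHA1_WITH_RSA, 2),       # sub-CA 1
    skeleton_cert(MD5_WITH_RSA, 1),        # root, MD5 self-signature (not relied on)
]

if __name__ == "__main__":
    for cert_i, issuer_i, oid in audit_chain(CHAIN):
        print(f"chain[{cert_i}] carries an MD5 signature ({oid}) made by chain[{issuer_i}]")
```

In this constructed chain the only finding points at the CA three levels below the root, while the root's own MD5 self-signature is not reported.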
From owner-ietf-smime@mail.imc.org Wed Jan 7 22:57:14 2009
Date: Thu, 08 Jan 2009 00:45:19 -0500
From: Jeffrey Hutzelman
To: Peter Gutmann, v.paz@uq.edu.au
cc: tmiller@mitre.org, ietf-pkix@imc.org, ietf-smime@imc.org, cfrg@irtf.org, saag@ietf.org, jhutz@cmu.edu
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate
Message-ID: <2125BB6F6871041891AD145D@atlantis.pc.cs.cmu.edu>
In-Reply-To: <200901080421.n084LXid025471@raisinbran.srv.cs.cmu.edu>
References: <200901080421.n084LXid025471@raisinbran.srv.cs.cmu.edu>

--On Thursday, January 08, 2009 05:21:22 PM +1300 Peter Gutmann wrote:

> Even then it's a rather indirect approach that doesn't really target the
> guilty party since you're scaring the user who is supposed to exert
> pressure on the site which is then supposed to pressure the CA for a fix.

This cuts to the root of the problem: there are no contractual relations
between a relying party and the certificate authorities upon whom he
relies. As a result, there is no incentive for certificate authorities to
adopt practices which benefit the relying party. Instead, the incentive is
to adopt practices which benefit the CA and its customers, which are the
parties to whom it issues certificates (but _not_ the parties to whom only
other CA's issue certificates).

Perhaps a solution to this is a new model.

Under the new model, each relying party who chooses to participate would
punt the trust anchors that come with his or her browser or other software,
and instead subscribe to a trust anchor service, which for a fee provides a
regularly-maintained list of trust anchors, or perhaps a single trust anchor
which signs "root" CA certificates and for which a well-maintained OCSP
server is provided. Such a trust anchor service would be an obvious
candidate for bundling with ISP services or for sale by security software
vendors.

The trust anchor service, then, reaches agreements with the various
certificate authorities, under which the CA is included in the list of
trust anchors in exchange for the CA agreeing to maintain practices which
are acceptable to the trust anchor provider.

Note that some browser vendors already do essentially this, except that the
CA has no contractual obligation to the browser vendor to meet the criteria
for inclusion in the trust anchor list on an ongoing basis, and the browser
vendor has no contractual obligation to the users of its product to include
only those CA's which meet a suitable set of criteria.

-- Jeff

From owner-ietf-smime@mail.imc.org Wed Jan 7 23:46:05 2009
From: "Liaquat Khan"
To: "'Jeffrey Hutzelman'", "'Peter Gutmann'"
References: <200901080421.n084LXid025471@raisinbran.srv.cs.cmu.edu> <2125BB6F6871041891AD145D@atlantis.pc.cs.cmu.edu>
Subject: RE: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate
Date: Thu, 8 Jan 2009 10:35:31 +0400
Message-ID: <5FAA73B18D1A43E088BFE298631450BB@ASCUK001>
In-Reply-To: <2125BB6F6871041891AD145D@atlantis.pc.cs.cmu.edu>

Jeff, what you describe is similar to the concept of a "validation
authority", which has been around for a while. A VA service has a
contractual relationship with RPs, and is responsible for responding on
trustworthiness of certificates (and/or signatures). XKMS/SCVP/DSS protocols
support this concept.

There is at least one commercial entity (our partner DNV), which is offering
such a service currently:
http://www.dnv.com/services/verification/vas/index.asp

Importantly in addition to validating the trustworthiness of the
certificate, DNV also offer a security quality rating for the certificate
(based on the CA's audited policy/practices, hash and public key algorithms
used and key lengths etc.). Such a quality rating service is important in
examples like this where a certificate is trusted because it chains to a
trust anchor, but is not considered acceptable because it fails a minimum
quality rating required by the RP.

However although Ascertia offers products which interface with Validation
Authority service providers, the standard browser is not yet capable of this
and is unlikely to be for some time.

Regards,
LK

-----Original Message-----
From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Jeffrey Hutzelman
Sent: 08 January 2009 09:45
To: Peter Gutmann; v.paz@uq.edu.au
Cc: tmiller@mitre.org; ietf-pkix@imc.org; ietf-smime@imc.org; cfrg@irtf.org; saag@ietf.org; jhutz@cmu.edu
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate

--On Thursday, January 08, 2009 05:21:22 PM +1300 Peter Gutmann wrote:

> Even then it's a rather indirect approach that doesn't really target the
> guilty party since you're scaring the user who is supposed to exert
> pressure on the site which is then supposed to pressure the CA for a fix.

This cuts to the root of the problem: there are no contractual relations
between a relying party and the certificate authorities upon whom he
relies. As a result, there is no incentive for certificate authorities to
adopt practices which benefit the relying party. Instead, the incentive is
to adopt practices which benefit the CA and its customers, which are the
parties to whom it issues certificates (but _not_ the parties to whom only
other CA's issue certificates).

Perhaps a solution to this is a new model.

Under the new model, each relying party who chooses to participate would
punt the trust anchors that come with his or her browser or other software,
and instead subscribe to a trust anchor service, which for a fee provides a
regularly-maintained list of trust anchors, or perhaps a single trust anchor
which signs "root" CA certificates and for which a well-maintained OCSP
server is provided. Such a trust anchor service would be an obvious
candidate for bundling with ISP services or for sale by security software
vendors.

The trust anchor service, then, reaches agreements with the various
certificate authorities, under which the CA is included in the list of
trust anchors in exchange for the CA agreeing to maintain practices which
are acceptable to the trust anchor provider.

Note that some browser vendors already do essentially this, except that the
CA has no contractual obligation to the browser vendor to meet the criteria
for inclusion in the trust anchor list on an ongoing basis, and the browser
vendor has no contractual obligation to the users of its product to include
only those CA's which meet a suitable set of criteria.

-- Jeff

From owner-ietf-smime@mail.imc.org Thu Jan 8 00:39:53 2009
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: jhutz@cmu.edu, pgut001@cs.auckland.ac.nz, v.paz@uq.edu.au
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate
Cc: cfrg@irtf.org, ietf-pkix@imc.org, ietf-smime@imc.org, saag@ietf.org, tmiller@mitre.org
In-Reply-To: <2125BB6F6871041891AD145D@atlantis.pc.cs.cmu.edu>
Date: Thu, 08 Jan 2009 20:23:55 +1300

Jeffrey Hutzelman writes:

>Perhaps a solution to this is a new model.

A good start...

>which for a fee provides

... and it just failed right there.

Peter :-).

From owner-ietf-smime@mail.imc.org Thu Jan 8 05:54:08 2009
Date: Thu, 08 Jan 2009 07:31:09 -0500
From: Jeffrey Hutzelman
To: Peter Gutmann, v.paz@uq.edu.au
cc: cfrg@irtf.org, ietf-pkix@imc.org, ietf-smime@imc.org, saag@ietf.org, tmiller@mitre.org, jhutz@cmu.edu
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate

--On Thursday, January 08, 2009 08:23:55 PM +1300 Peter Gutmann wrote:

> Jeffrey Hutzelman writes:
>
>> Perhaps a solution to this is a new model.
>
> A good start...
>
>> which for a fee provides
>
> ... and it just failed right there.

Perhaps, but it's fairly well essential. That fee is the basis for the trust anchor provider's contractual obligation to the end user. Drop that, and the whole thing falls apart.

Note that charging a fee for this service is not absurd. Lots of people (consumers) pay fees for up-to-date lists of virus signatures, phishing sites, spam-blocking rules, and so on.
-- Jeff

From owner-ietf-smime@mail.imc.org Thu Jan 8 06:26:35 2009
Date: Thu, 08 Jan 2009 09:08:22 -0500
From: Jeffrey Hutzelman
To: Peter Gutmann, v.paz@uq.edu.au
cc: cfrg@irtf.org, ietf-pkix@imc.org, ietf-smime@imc.org, saag@ietf.org, tmiller@mitre.org, jhutz@cmu.edu
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate
Message-ID: <34201D87D99D2E7BF3467C9A@minbar.fac.cs.cmu.edu>

--On Friday, January 09, 2009 02:17:44 AM +1300 Peter Gutmann wrote:

> Jeffrey Hutzelman writes:
>
>> Note that charging a fee for this service is not absurd. Lots of people
>> (consumers) pay fees for up-to-date lists of virus signatures, phishing
>> sites, spam-blocking rules, and so on.
>
> Conceptually it's not absurd, but how are you going to persuade a
> billion-odd users that they need to pay for something that they've been
> conditioned to get for free? Will you promise to indemnify them against
> identity theft (via phishing) if they sign up to your service? What
> value-add will you offer that will convince the drool-and-click masses to
> pay for your service?

Convince the insurance companies to give discounts on "identity theft" insurance (yes, this product exists and is pretty common; it covers the costs of tracking down and fixing the results of fraud that, under the present system, are borne _not_ by the banks or merchants but by the individual who was impersonated).

Convince the security software companies to add this service to their bundles. Plenty of people buy that stuff.
Convince the banks to change their rules to make you responsible for unauthorized access if it would have been prevented by such a service and you weren't using one.

-- Jeff

From owner-ietf-smime@mail.imc.org Thu Jan 8 06:27:42 2009
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: jhutz@cmu.edu, pgut001@cs.auckland.ac.nz, v.paz@uq.edu.au
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate
Cc: cfrg@irtf.org, ietf-pkix@imc.org, ietf-smime@imc.org, saag@ietf.org, tmiller@mitre.org
Date: Fri, 09 Jan 2009 02:17:44 +1300

Jeffrey Hutzelman writes:

>Note that charging a fee for this service is not absurd. Lots of people
>(consumers) pay fees for up-to-date lists of virus signatures, phishing
>sites, spam-blocking rules, and so on.

Conceptually it's not absurd, but how are you going to persuade a billion-odd users that they need to pay for something that they've been conditioned to get for free? Will you promise to indemnify them against identity theft (via phishing) if they sign up to your service? What value-add will you offer that will convince the drool-and-click masses to pay for your service?

Peter.
From owner-ietf-smime@mail.imc.org Thu Jan 8 06:35:50 2009
Message-ID: <49660BCB.8000809@mitre.org>
Date: Thu, 8 Jan 2009 08:20:59 -0600
From: "Timothy J. Miller"
To: Jeffrey Hutzelman
CC: Peter Gutmann, "v.paz@uq.edu.au", "cfrg@irtf.org", "ietf-pkix@imc.org", "ietf-smime@imc.org", "saag@ietf.org"
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms000306050806080101080606"

--------------ms000306050806080101080606
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Jeffrey Hutzelman wrote:

> Note that charging a fee for this service is not absurd. Lots of people
> (consumers) pay fees for up-to-date lists of virus signatures, phishing
> sites, spam-blocking rules, and so on.

Actually, most consumers keep these up-to-date only as long as the free trial period given to them when they bought the computer lasts, and then cease to care. The core business for these companies is business contracts.
-- Tim

--------------ms000306050806080101080606
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

--------------ms000306050806080101080606--
From owner-ietf-smime@mail.imc.org Thu Jan 8 07:08:32 2009
Date: Thu, 8 Jan 2009 08:57:52 -0500
From: Theodore Tso
To: Peter Gutmann
Cc: jhutz@cmu.edu, v.paz@uq.edu.au, tmiller@mitre.org, ietf-pkix@imc.org, ietf-smime@imc.org, cfrg@irtf.org, saag@ietf.org
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate
Message-ID: <20090108135752.GC20121@mit.edu>

On Fri, Jan 09, 2009 at 02:17:44AM +1300, Peter Gutmann wrote:
>
> Conceptually it's not absurd, but how are you going to persuade a
> billion-odd users that they need to pay for something that they've
> been conditioned to get for free? Will you promise to indemnify
> them against identity theft (via phishing) if they sign up to your
> service? What value-add will you offer that will convince the
> drool-and-click masses to pay for your service?

Especially since the market has already come up with a solution that involves the merchants and the credit card companies bearing the burden of most fraud losses...
- Ted

From owner-ietf-smime@mail.imc.org Thu Jan 8 07:09:26 2009
Date: Thu, 8 Jan 2009 09:50:58 -0500
From: Theodore Tso
To: Eric Gray
Cc: Peter Gutmann, v.paz@uq.edu.au, cfrg@irtf.org, ietf-smime@imc.org, saag@ietf.org, ietf-pkix@imc.org, tmiller@mitre.org
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate
Message-ID: <20090108145058.GE20121@mit.edu>
References: <20090108135752.GC20121@mit.edu> <941D5DCD8C42014FAF70FB7424686DCF0468D33B@eusrcmw721.eamcs.ericsson.se>
In-Reply-To: <941D5DCD8C42014FAF70FB7424686DCF0468D33B@eusrcmw721.eamcs.ericsson.se>

On Thu, Jan 08, 2009 at 08:16:33AM -0600, Eric Gray wrote:
> The notion of merchants and bankers "bearing the burden" is a
> great fiction - at least if you're considering them as a group. In
> individual cases, individual merchants/bankers will absorb losses,
> but either that means they go out of business (which we see
> sometimes) or they survive to defray their losses by charging
> consumers more for their products and services.

I didn't say it was a good way to run a railroad --- just as having more and more people read their news on-line for free, while reporters are paid via a business model that depends on rapidly diminishing advertising revenues for print and on-line banner ads, plus the vanishingly small number of people willing to pay for dead-tree versions of newspapers is a great way of running things.
But the problem is very similar; if at least in the US, consumers are used to a model where they only pay for the costs of fraud via a surcharge which is hidden in the cost of the on-line merchant's prices, how do you convince them that it is worthwhile to pay for a trust certification service? Especially given that a merchant is still going to have to pay the 3% credit card fee to the credit card companies, which ends up showing up in the price of goods and/or services?

> Since the consumer ultimately pays the price in any case,
> perhaps a good argument can be made for paying a portion of it up
> front?

From a public policy POV, perhaps. How you actually convince the consumers, merchants, credit card companies, and the rest of the system to transition from the current scheme to this new scheme is much more difficult than writing an RFC, alas. (And as we all know, writing and publishing RFC is no guarantee that the market will listen to us.)

- Ted

From owner-ietf-smime@mail.imc.org Thu Jan 8 09:17:06 2009
In-Reply-To: <200901071116.MAA06692@TR-Sys.de>
References: <200901071116.MAA06692@TR-Sys.de>
Cc: ietf-smime@imc.org
From: Tim Polk
Subject: Re: 3850bis and 3851bis: proposed changes to cryptographic key sizes
Date: Thu, 8 Jan 2009 09:13:47 -0500
To: Alfred Hoenes

Hi Alfred,

The lower bound was dropped for a couple of reasons. Practically speaking, any RSA/DSA keys smaller than 1024 bits offer little security. Setting any lower bound seems to imply that there is a significant break point, and I did not want to give that implication.
I also thought that implementations might want to set a more aggressive bound (e.g., 768 bits) and leaving off the lower bound might encourage making an explicit choice rather than supporting 512 because it was specified in the table.

Perhaps the right thing would be to add one more sentence in each of the security considerations sections.

For 3850bis:

Note that previous versions of this standard set the lower bound for RSA and DSA key sizes at 512 bits; implementations that support verification of certificates or CRLs generated with weak keys MUST NOT support RSA or DSA keys of less than 512 bits.

For 3851bis:

Note that previous versions of this standard set the lower bound for RSA and DSA key sizes at 512 bits; implementations that support verification of digital signatures generated with weak keys MUST NOT support RSA or DSA keys of less than 512 bits.

Would that address your concern?

Thanks,

Tim Polk

On Jan 7, 2009, at 6:16 AM, Alfred Hoenes wrote:

> Folks,
>
> I agree with Paul with regard to the process (new I-D preferable).
>
> The AD proposed changes at first glance are intended to make the
> requirements *stronger* (as far as possible without relying on
> an official version of FIPS PUB 186-3) without sacrificing
> backwards compatibility.
>
> Therefore, I agree with the amended Security Considerations text,
> for both 3850bis and 3581 bis, and the changes proposed for
> receiving agent (signature verifier) behavior -- although these
> now allow small key sizes (< 512) which were not allowed by
> RFC 3850, and hence this change comes a bit to surprise.
>
> However, I really do not understand why, at the 'low end', signature
> *generating* agents shall now be allowed (via 'MAY') to generate
> signatures with the even worse key sizes < 512, for both RSA and DSA.
> Since already S/MIME v3.1 agents had no requirement for being able
> to verify such signatures, why now adding the capability to produce
> such signatures ?
>
>
> Finally, nits for 3851bis, in (1) / Section 4.2 :
>
> - I suggest s!generated!generating!
>
> - Also, for alignment with (2) / Section 4.3,
>   it might be preferable to use plural:
>
>   s!an S/MIME agent!S/MIME agents!
>
>
> Kind regards,
> Alfred.
>
> --
>
> +------------------------+--------------------------------------------+
> | TR-Sys Alfred Hoenes   | Alfred Hoenes Dipl.-Math., Dipl.-Phys.     |
> | Gerlinger Strasse 12   | Phone: (+49)7156/9635-0, Fax: -18          |
> | D-71254 Ditzingen      | E-Mail: ah@TR-Sys.de                       |
> +------------------------+--------------------------------------------+
>

From: Theodore Tso
To: Eric Gray
Cc: Peter Gutmann, v.paz@uq.edu.au, cfrg@irtf.org, ietf-smime@imc.org, saag@ietf.org, ietf-pkix@imc.org, tmiller@mitre.org
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogueCAcertificate
Date: Thu, 8 Jan 2009 11:34:30 -0500

On Thu, Jan 08, 2009 at 09:11:21AM -0600, Eric Gray wrote:
> As a result, some organizations already pay for news-feeds
> from known (verifiably) reliable sources. Because on-line news is
> also valuable because it's quickly delivered. No matter how you
> get it, it's not necessarily free.

Some do; some of us even subscribe to dead-tree versions of the newspapers even though we do most of our reading on-line, on the general theory that it's good public policy to support the Fourth Estate (since they serve a critical function keeping the government honest), even though we do most of our news reading online. The problem is very few people are willing to pay for on-line news when they can get the New York Times at http://www.nytimes.com (and many other news sources) for free.

> As the Heinlein acronym "TANSTAAFL" says, there ain't no
> such thing as a free lunch. And I suspect that an increasingly
> large number of people are coming to really understand that.

Yes, but there are a huge number of people who are used to receiving a lot of these services either for free, or bundled into prices (which have gotten cheaper as a result of e-commerce). This is basically the classic Tragedy of the Commons problem; how many people can *honestly* say that they've never gone to Best Buy or Circuit City to examine some device or gadget in person, and then gone on to buy it on-line because it was cheaper? And did so even though it should be *obvious* that the TANSTAAFL principle applied, and would in the long-run lead to the weakening or disappearance of the bricks-and-mortar stores?

- Ted

From: Paul Hoffman
To: cfrg@irtf.org, ietf-smime@imc.org, saag@ietf.org, ietf-pkix@imc.org
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogueCAcertificate
Date: Thu, 8 Jan 2009 10:20:55 -0800

Folks: is rehashing the blue-sky discussions of how to create a better trust model for SSL without a stable proposal to look at really a good use of the CFRG, SAAG, S/MIME, and PKIX mailing lists?

If you want to be serious about this, please write an Internet Draft and set up a mailing list for the discussion. Invite people from these lists to join, and maybe announce revisions to your draft. Be sure to invite people from the Mozilla security community: they are having their own (perpetually repeating) discussion of this, again without a stable document to comment on.

We *can* change the security model, but not with the current method of discussion-without-focus.

--Paul Hoffman, Director
--VPN Consortium

From: Paul Hoffman
To: Tim Polk, Alfred Hoenes
Cc: ietf-smime@imc.org
Subject: Re: 3850bis and 3851bis: proposed changes to cryptographic key sizes
Date: Thu, 8 Jan 2009 12:00:30 -0800

At 9:13 AM -0500 1/8/09, Tim Polk wrote:
>Hi Alfred,
>
>The lower bound was dropped for a couple of reasons. Practically speaking,
>any RSA/DSA keys smaller than 1024 bits offer little security.
>Setting any lower bound
>seems to imply that there is a significant break point, and I did not want to give
>that implication. I also thought that implementations might want to set a more
>aggressive bound (e.g., 768 bits) and leaving off the lower bound might
>encourage making an explicit choice rather than supporting 512 because it
>was specified in the table.
>
>Perhaps the right thing would be to add one more sentence in each of the
>security considerations sections.
>
>For 3850bis:
>
>Note that previous versions of this standard set the lower bound for RSA and DSA key
>sizes at 512 bits; implementations that support verification of certificates or CRLs
>generated with weak keys MUST NOT support RSA or DSA keys of less than 512 bits.
>
>For 3851bis:
>
>Note that previous versions of this standard set the lower bound for RSA and DSA key
>sizes at 512 bits; implementations that support verification of digital signatures
>generated with weak keys MUST NOT support RSA or DSA keys of less than 512 bits.
>
>Would that address your concern?

I cannot say if it affects Alfred's concern, but I *strongly* object to such a normative change at this late date in the document cycle. Your original logic (don't imply a break point) is still valid. There may be perfectly valid local policy for a site to want to support shorter keys for historical reasons.
We have already made it clear what the interoperability issues are, and we have set them based on security in the Internet context. The current wording obviously discourages anything under 1024 bits.

From: Alfred Hoenes
To: tim.polk@nist.gov
Cc: ietf-pkix@imc.org
Subject: Re: 3850bis and 3851bis: proposed changes to cryptographic key sizes
Date: Thu, 8 Jan 2009 18:28:22 +0100 (MEZ)

On Thu, 8 Jan 2009 09:13:47 -0500, Tim Polk wrote:

> Hi Alfred,
>
> The lower bound was dropped for a couple of reasons. Practically
> speaking, any RSA/DSA keys smaller than 1024 bits offer little
> security. ...

Agreed.
(... I bet by all -- maybe except the majority of lazy users and admins, and a few vendors ... :-) )

> ... Setting any lower bound seems to imply that there is
> a significant break point, and I did not want to give that
> implication.

My primary observation was that removing the break (that more or less explicitly was present in S/MIME v3.1) might be observed by implementers updating their software as indicating the converse.

> I also thought that implementations might want to set a more
> aggressive bound (e.g., 768 bits) and leaving off the lower
> bound might encourage making an explicit choice rather than
> supporting 512 because it was specified in the table.

That conceivably is comprised in the "MAY".

> Perhaps the right thing would be to add one more sentence in each
> of the security considerations sections.
>
> For 3850bis:
>
> Note that previous versions of this standard set the lower bound
> for RSA and DSA key sizes at 512 bits; implementations that support
> verification of certificates or CRLs generated with weak keys MUST
> NOT support RSA or DSA keys of less than 512 bits.
>
> For 3851bis:
>
> Note that previous versions of this standard set the lower bound
> for RSA and DSA key sizes at 512 bits; implementations that support
> verification of digital signatures generated with weak keys MUST
> NOT support RSA or DSA keys of less than 512 bits.
>
> Would that address your concern?

Only marginally.

These additions are useful as they contain additional information not present elsewhere. But my major concern was *not* the considerations for *receiving* agents (signature / certificate / CRL *verification*), it was for agents *generating* signatures (cf. the final paragraph quoted below). All arguments w.r.t. installed base, existing certs, filed messages, etc. hold for the verifier case, but they should not entangle the production of new signatures.

Furthermore, despite the iterated parenthetical clause "see Security Considerations" in the quoted requirements sections, I strongly fear that many folks will be tempted to conceive the striking tabular form there as "the message" the memo sends to implementors.

If (only) the above explanations (and/or similar text for signature generation) were added to the Security Considerations, then *their* message should be clear -- but it might be overlooked.

Furthermore, arguably the tabular forms and the explanations would be inconsistent, with a "MUST NOT" superimposed over the "MAY" in the tabular form. I strongly suspect that this would be perceived as confusing, and at best cause never-ending discussions after the next successfully solved RSA Challenge.

Therefore, I'd prefer having the "MUST NOT" lines for key size < 512 also added to the tabular listing of (at least) the signature generating requirements.

> Thanks,
>
> Tim Polk

One more point:

Based on the still ongoing discussion on rogue certificates, the 3850bis Security Considerations should perhaps also be amended giving a perspective on probable ongoing consequences, for instance raising the awareness of the reader for expected enhancements, e.g. the use of Randomized Hashing. I suggest that the PKIX working group should start working on that topic ASAP, and SMIME should build on such work, with a document amending 3850bis.

> On Jan 7, 2009, at 6:16 AM, Alfred Hoenes wrote:
>
>> Folks,
>>
>> I agree with Paul with regard to the process (new I-D preferable).
>>
>> The AD proposed changes at first glance are intended to make the
>> requirements *stronger* (as far as possible without relying on
>> an official version of FIPS PUB 186-3) without sacrificing
>> backwards compatibility.
>>
>> Therefore, I agree with the amended Security Considerations text,
>> for both 3850bis and 3581bis, and the changes proposed for
>> receiving agent (signature verifier) behavior -- although these
>> now allow small key sizes (< 512) which were not allowed by
>> RFC 3850, and hence this change comes a bit to surprise.
>>
>> However, I really do not understand why, at the 'low end', signature
>> *generating* agents shall now be allowed (via 'MAY') to generate
>> signatures with the even worse key sizes < 512, for both RSA and DSA.
>> Since already S/MIME v3.1 agents had no requirement for being able
>> to verify such signatures, why now adding the capability to produce
>> such signatures ?
>>
>> ...

Kind regards,
Alfred.

--

+------------------------+--------------------------------------------+
| TR-Sys Alfred Hoenes   | Alfred Hoenes Dipl.-Math., Dipl.-Phys.     |
| Gerlinger Strasse 12   | Phone: (+49)7156/9635-0, Fax: -18          |
| D-71254 Ditzingen      | E-Mail: ah@TR-Sys.de                       |
+------------------------+--------------------------------------------+

From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: eric.gray@ericsson.com, pgut001@cs.auckland.ac.nz, tytso@mit.edu
Cc: cfrg@irtf.org, ietf-pkix@imc.org, ietf-smime@imc.org, saag@ietf.org, tmiller@mitre.org, v.paz@uq.edu.au
Subject: RE: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate
Date: Fri, 09 Jan 2009 15:27:35 +1300

"Eric Gray" writes:

>Since the consumer ultimately pays the price in any case, perhaps a good
>argument can be made for paying a portion of it up front?

And how are you going to convince the consumer of this? They get "free" protection currently with their credit cards, and now they have to pay for it? (In fact there's already been a case of this failing in the past, when banks asked customers to pay a little extra to get their photos put on their credit cards for fraud protection.
Went down like a lead zeppelin).

Anything that involves customers having to pay for something that they consider as a right to get for free is going to fail before it even starts. That's actually not as bad as it sounds since it's one of the few hard-and-fast design guidelines for this area, unlike most other things ("this may or may not work, depending on the circumstances").

Peter.
From owner-ietf-smime@mail.imc.org Fri Jan 9 09:41:13 2009
Message-ID: <49677A01.3040402@ieca.com>
Date: Fri, 09 Jan 2009 11:23:29 -0500
From: Sean Turner
To: Paul Hoffman
CC: Tim Polk, =?ISO-8859-1?Q?Alfred_H=CEnes?=, ietf-smime@imc.org
Subject: Re: 3850bis and 3851bis: proposed changes to cryptographic key sizes
References: <200901071116.MAA06692@TR-Sys.de>

Paul Hoffman wrote:
> At 9:13 AM -0500 1/8/09, Tim Polk wrote:
>> Hi Alfred,
>>
>> The lower bound was dropped for a couple of reasons. Practically speaking,
>> any RSA/DSA keys smaller than 1024 bits offer little security. Setting any
>> lower bound seems to imply that there is a significant break point, and I
>> did not want to give that implication. I also thought that implementations
>> might want to set a more aggressive bound (e.g., 768 bits) and leaving off
>> the lower bound might encourage making an explicit choice rather than
>> supporting 512 because it was specified in the table.
>>
>> Perhaps the right thing would be to add one more sentence in each of the
>> security considerations sections.
>>
>> For 3850bis:
>>
>> Note that previous versions of this standard set the lower bound for RSA
>> and DSA key sizes at 512 bits; implementations that support verification of
>> certificates or CRLs generated with weak keys MUST NOT support RSA or DSA
>> keys of less than 512 bits.
>>
>> For 3851bis:
>>
>> Note that previous versions of this standard set the lower bound for RSA
>> and DSA key sizes at 512 bits; implementations that support verification of
>> digital signatures generated with weak keys MUST NOT support RSA or DSA
>> keys of less than 512 bits.
>>
>> Would that address your concern?
>
> I cannot say if it affects Alfred's concern, but I *strongly* object to such
> a normative change at this late date in the document cycle. Your original
> logic (don't imply a break point) is still valid. There may be perfectly
> valid local policy for a site to want to support shorter keys for historical
> reasons. We have already made it clear what the interoperability issues are,
> and we have set them based on security in the Internet context. The current
> wording obviously discourages anything under 1024 bits.

I think I'm with Paul on not including this text. We're giving a pretty darn
big hint not to use keys less than 1024, but if they really really need to
they ought to be able to without being considered non-compliant.

spt

From owner-ietf-smime@mail.imc.org Fri Jan 9 10:07:33 2009
Date: Fri, 9 Jan 2009 08:52:21 -0800
To: ietf-pkix@imc.org, ietf-smime@imc.org
From: Paul Hoffman
Subject: New modules drafts posted

Greetings again. This message should appear after the posting announcements for draft-ietf-pkix-new-asn1-02 and draft-ietf-smime-new-asn1-02 appear. If not, please wait a bit. :-)

Jim and I have major changes to the modules, and we think that our work is now done, modulo bug fixes. To that end, we would *really* like folks on either of these two lists who have ASN.1 compilers that handle the 2002 syntax to review the modules carefully and let both lists know if there are any errors. In addition, we are still open to comments on our choice of style for the new objects in the modules.

If you want to get copies of the modules without tedious copy-and-pasting, get the latest version of a2c from the a2c project (), specifically either or . The modules are in the test/ directory. The makefile in that directory has all of the dependencies needed, although we are happy to have you test your own dependency chain yourself.

At this point, we think that comments to both lists are appropriate, given the shared design between the two drafts and the heavy cross-dependencies between the modules.

--Paul Hoffman, Director
--VPN Consortium

From owner-ietf-smime@mail.imc.org Fri Jan 9 10:14:10 2009
From: Internet-Drafts@ietf.org
To: i-d-announce@ietf.org
Cc: ietf-smime@imc.org
Subject: I-D Action:draft-ietf-smime-new-asn1-02.txt
Message-Id: <20090109170001.D2A603A6917@core3.amsl.com>
Date: Fri, 9 Jan 2009 09:00:01 -0800 (PST)

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the S/MIME Mail Security Working Group of the IETF.

    Title     : New ASN.1 Modules for CMS and S/MIME
    Author(s) : P. Hoffman, J. Schaad
    Filename  : draft-ietf-smime-new-asn1-02.txt
    Pages     : 61
    Date      : 2009-01-09

The Cryptographic Message Syntax (CMS) format, and many associated formats, are expressed using ASN.1. The current ASN.1 modules conform to the 1988 version of ASN.1. This document updates those ASN.1 modules to conform to the 2002 version of ASN.1. There are no bits-on-the-wire changes to any of the formats; this is simply a change to the syntax.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-smime-new-asn1-02.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

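For the key-size thread above (Tim Polk's note and the replies from Paul Hoffman and Sean Turner), here is an added example, not part of any message in this archive, of the "explicit choice" a verifier can make: it reads the modulus size from a DER RSAPublicKey and applies a configurable local floor. The function names, the decision labels and the sample moduli are assumptions constructed for illustration; only the 1024-bit figure and the 768/512-bit legacy sizes come from the thread.

```python
# Added example: explicit, configurable RSA key-size floor for a verifier.
# Names and decision labels are hypothetical; sample keys are constructed.

RECOMMENDED_MIN_BITS = 1024  # below this the thread says keys offer little security


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: the byte is the length
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def rsa_modulus_bits(der):
    """Bit length of n in RSAPublicKey ::= SEQUENCE { n INTEGER, e INTEGER }."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    tag, n_bytes, pos = read_tlv(body, 0)
    if tag != 0x02 or not n_bytes or n_bytes[0] & 0x80:
        raise ValueError("expected a positive INTEGER modulus")
    tag, _e_bytes, pos = read_tlv(body, pos)
    if tag != 0x02 or pos != len(body):
        raise ValueError("expected INTEGER exponent and nothing after it")
    # Count bits of the value, not bytes of the encoding: a 1024-bit modulus
    # is encoded in 129 bytes because DER adds a leading 0x00 sign byte.
    return int.from_bytes(n_bytes, "big").bit_length()


def check_key_size(bits, local_min_bits=RECOMMENDED_MIN_BITS):
    """Apply the local floor; anything under 1024 is never silently accepted."""
    if bits < local_min_bits:
        return "reject"
    if bits < RECOMMENDED_MIN_BITS:
        return "accept-weak"              # allowed only by explicit local policy
    return "accept"


def evaluate(der, local_min_bits=RECOMMENDED_MIN_BITS):
    """Return (modulus_bits, decision) for a DER RSAPublicKey."""
    bits = rsa_modulus_bits(der)
    return bits, check_key_size(bits, local_min_bits)


def der_len(n):
    """DER length octets for a value of n bytes."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw


def der_int(v):
    """Minimal DER INTEGER for a positive value (sign bit kept clear)."""
    raw = v.to_bytes(v.bit_length() // 8 + 1, "big")
    return b"\x02" + der_len(len(raw)) + raw


def constructed_key(bits):
    """Constructed test input: right-sized modulus, NOT a usable RSA key."""
    n = (1 << (bits - 1)) | 1
    body = der_int(n) + der_int(65537)
    return b"\x30" + der_len(len(body)) + body


if __name__ == "__main__":
    for bits, floor in [(2048, 1024), (1024, 1024), (768, 1024), (768, 768), (512, 768)]:
        print(bits, "floor", floor, "->", evaluate(constructed_key(bits), floor))
```

A site that must still verify old signatures passes its own `local_min_bits`; the separate "accept-weak" result lets the caller log or flag those verifications instead of treating them like current-strength keys.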
From owner-ietf-smime@mail.imc.org Wed Jan 14 10:13:08 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 432CB3A6834 for ; Wed, 14 Jan 2009 10:13:08 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.589 X-Spam-Level: X-Spam-Status: No, score=-2.589 tagged_above=-999 required=5 tests=[AWL=0.010, BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mlH3zJJRCe5c for ; Wed, 14 Jan 2009 10:13:07 -0800 (PST) Received: from balder-227.proper.com (properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id 9BF1F3A682C for ; Wed, 14 Jan 2009 10:13:06 -0800 (PST) Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0EGtvMN084253 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 14 Jan 2009 09:55:58 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n0EGtvU3084251; Wed, 14 Jan 2009 09:55:57 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from [10.20.30.163] (dsl-63-249-108-169.cruzio.com [63.249.108.169]) (authenticated bits=0) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0EGttGV084237 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 14 Jan 2009 09:55:56 -0700 (MST) (envelope-from paul.hoffman@vpnc.org) Mime-Version: 1.0 Message-Id: In-Reply-To: References: Date: Wed, 14 Jan 2009 08:55:54 -0800 To: ietf-pkix@imc.org, ietf-smime@imc.org From: Paul Hoffman Subject: Re: New modules drafts posted 
Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe:

Since I sent out this message below, we had one group of folks respond with a few small technical changes, but no other comments. In the spirit of forward motion, we would like the chairs of PKIX and S/MIME to put the respective documents into WG Last Call so we can shake out any last comments and put these on standards track.

At 8:52 AM -0800 1/9/09, Paul Hoffman wrote:
>Greetings again. This message should appear after the posting announcements for draft-ietf-pkix-new-asn1-02 and draft-ietf-smime-new-asn1-02 appear. If not, please wait a bit. :-)
>
>Jim and I have major changes to the modules, and we think that our work is now done, modulo bug fixes. To that end, we would *really* like folks on either of these two lists who have ASN.1 compilers that handle the 2002 syntax to review the modules carefully and let both lists know if there are any errors. In addition, we are still open to comments on our choice of style for the new objects in the modules.
>
>If you want to get copies of the modules without tedious copy-and-pasting, get the latest version of a2c from the a2c project (), specifically either or . The modules are in the test/ directory. The makefile in that directory has all of the dependencies needed, although we are happy to have you test your own dependency chain yourself.
>
>At this point, we think that comments to both lists are appropriate, given the shared design between the two drafts and the heavy cross-dependencies between the modules.
>
>--Paul Hoffman, Director
>--VPN Consortium
From owner-ietf-smime@mail.imc.org Wed Jan 14 22:28:03 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0CF4A3A681F for ; Wed, 14 Jan 2009 22:28:03 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.272 X-Spam-Level: X-Spam-Status: No, score=-2.272 tagged_above=-999 required=5 tests=[AWL=0.327, BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2ZoLTVKnyS9P for ; Wed, 14 Jan 2009 22:28:02 -0800 (PST) Received: from balder-227.proper.com (properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id DC67A3A6826 for ; Wed, 14 Jan 2009 22:28:01 -0800 (PST) Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0F58wgA022693 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 14 Jan 2009 22:08:58 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n0F58wAH022692; Wed, 14 Jan 2009 22:08:58 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from smtp103.biz.mail.re2.yahoo.com (smtp103.biz.mail.re2.yahoo.com [68.142.229.217]) by balder-227.proper.com (8.14.2/8.14.2) with SMTP id n0F58lfO022670 for ; Wed, 14 Jan 2009 22:08:57 -0700 (MST) (envelope-from turners@ieca.com) 
Received: (qmail 50151 invoked from network); 15 Jan 2009 05:08:46 -0000 Received: from unknown (HELO ?192.168.1.2?) (turners@71.191.3.238 with plain) by smtp103.biz.mail.re2.yahoo.com with SMTP; 15 Jan 2009 05:08:46 -0000 X-YMail-OSG: 5Ky74zEVM1nUpMrwERDphsifrqP3OZKlYkmBeVerTYDUhb3dCxcSPRmaI7GoQRe1MscOqOoWHxCQVd8YlXCqt89_SYokYk6AsmEqmWePN5k2Kthuytcm8uTqLKtUXESetdsUbiFj0b0Fj_ONJtowEMRuhI.sMb3OmhYJ9W4jF5d_Yb.bnnXc0KVIknP1mUUsjtH0cSERyOGWP2VTVEZwvOz.62vA X-Yahoo-Newman-Property: ymail-3 Message-ID: <496EC4EB.8020004@ieca.com> Date: Thu, 15 Jan 2009 00:08:59 -0500 From: Sean Turner User-Agent: Thunderbird 2.0.0.19 (Windows/20081209) MIME-Version: 1.0 To: ietf-smime@imc.org Subject: [Fwd: Fwd: RFC 5378 and Draft Submissions] Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe:

IETF Chair Russ Housley has asked WG chairs to apprise their WGs of the following information.

If you've been following the IETF mailing list, you may be aware of the ongoing discussion about the impact of RFC 5378 on revised draft submissions. Briefly, RFC 5378 requires Contributors to grant a more expansive set of rights than were granted by RFC 3978, and 4748. If you are submitting a document which contains text contributed by others prior to the publication of RFC 5378 you may need to obtain additional rights from the copyright holders of that text in order to contribute under the 5378 terms.

The IESG and the IETF Trustees are working to resolve those issues (see http://trustee.ietf.org/docs/Background-to-Draft-Update-to-IETF-Trust-Legal-Provisions.txt). However, at present I would advise care prior to submitting any draft which contains material derived from an RFC, draft, or mailing list message published prior to November 10, 2008.

Please take any general discussion of RFC 5378 to ietf@ietf.org

spt [As WG Chair]

PS I copied most of ekr's message.
From michael@45royale.com Thu Jan 15 04:02:58 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2D1513A691A for ; Thu, 15 Jan 2009 04:02:58 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.413 X-Spam-Level: X-Spam-Status: No, score=-14.413 tagged_above=-999 required=5 tests=[BAYES_99=3.5, GB_I_LETTER=-2, HELO_EQ_RU=0.595, HOST_EQ_RU=0.875, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, HTML_SHORT_LINK_IMG_3=0.001, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E4_51_100=1.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_PBL=0.905, RCVD_IN_XBL=3.033, SARE_UNI=0.591, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_OB_SURBL=10, URIBL_RHS_DOB=1.083, URIBL_SC_SURBL=10, URIBL_WS_SURBL=10, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FclPfGgWbVJp for ; Thu, 15 Jan 2009 04:02:52 -0800 (PST) Received: from pppoe50260.mv.ru (pppoe50260.mv.ru [95.68.188.84]) by core3.amsl.com (Postfix) with SMTP id 897BB3A690B for ; Thu, 15 Jan 2009 04:02:47 -0800 (PST) To: Subject: from admin From: MIME-Version: 1.0 Importance: High Content-Type: text/html Message-Id: <20090115120249.897BB3A690B@core3.amsl.com> Date: Thu, 15 Jan 2009 04:02:47 -0800 (PST)
From asma@celebratetheworld.de Thu Jan 15 07:46:32 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 28C6A3A69E7; Thu, 15 Jan 2009 07:46:32 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -84.659 X-Spam-Level: X-Spam-Status: No, score=-84.659 tagged_above=-999 required=5 tests=[BAYES_99=3.5, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FM_DDDD_TIMES_2=1.999, HELO_DYNAMIC_IPADDR=2.426, HELO_EQ_RU=0.595, HOST_EQ_RU=0.875, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_WEB=0.619, RDNS_DYNAMIC=0.1, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iXy-o4Qy35ZJ; Thu, 15 Jan 2009 07:46:31 -0800 (PST) Received: from ppp94-29-41-7.pppoe.spdop.ru (ppp94-29-41-7.pppoe.spdop.ru [94.29.41.7]) by core3.amsl.com (Postfix) with SMTP id D3AFE28C136; Thu, 15 Jan 2009 07:46:21 -0800 (PST) X-Originating-IP: 160.160.148.120 by smtp.190.166.176.237; Thu, 15 Jan 2009 18:40:27 +0400 Message-ID: Subject: Chopard watch models from 2009! Date: Thu, 15 Jan 2009 09:45:27 -0500 From: "Dalton Bean" To: "Glen Oleary" Content-Type: text/plain; Content-Transfer-Encoding: 7bit Dear Glen, Looking for a Breitling watch that no one can tell from the original? You're in luck, because we have the best copies http://morganmxr.narod.ru We are offering wholesaler prices on all watches during the month of January 2009. http://morganmxr.narod.ru Our Breitling watches have Weights/feels and looks exactly same as original. 
Sincerely, Mr Oleary From pulsars@lammertyn.net Thu Jan 15 11:34:32 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 831753A67AB for ; Thu, 15 Jan 2009 11:34:32 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 3.869 X-Spam-Level: *** X-Spam-Status: No, score=3.869 tagged_above=-999 required=5 tests=[BAYES_99=3.5, HTML_MESSAGE=0.001, URI_HEX=0.368] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0hiy3ZZeWb28 for ; Thu, 15 Jan 2009 11:34:31 -0800 (PST) Received: from amex-lod.bb.netvision.net.il (amex-lod.bb.netvision.net.il [212.235.28.244]) by core3.amsl.com (Postfix) with SMTP id 5D0903A69EB for ; Thu, 15 Jan 2009 11:34:29 -0800 (PST) Date: Thu, 15 Jan 2009 19:33:32 +0000 From: "Rouser Minaai" X-Mailer: The Bat! (3.0.9.14) Professional Reply-To: Rouser Minaai X-Priority: 3 (Normal) Message-ID: <9957759425.20090115192919@lammertyn.net> To: Subject: I love mmy babe MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----------9DD570E4815F43" ------------9DD570E4815F43 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable =09How to Give Her Absolute Pleasuure? http://cid-994b0d5dd0e5359c.spaces.live.com/blog/cns!994B0D5DD0E5359C!106= entry/ My men insisted on making camp. So that now i of him, do you poirot shook his head doubtfully. Is much trouble ahead, i anticipate, and it is he is with you tonight? Yes. Unfortunately, he had had a serious accident while trying a young. ------------9DD570E4815F43 Content-Type: text/html; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable =20 =09 =20 =20 =09
How to Give= Her Absolute Pleasuure?
Click=20 HERE

My men insisted on making camp. So that now = i of him, do
you poirot shook his head doubtfully. Is much trouble ahead,
i anticipate, and it is he is with you tonight? Yes. Unfortunately,
he had had a serious accident while trying a young.

------------9DD570E4815F43-- From document@chemtradeasia.com Thu Jan 15 17:58:23 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 75CC23A63EC; Thu, 15 Jan 2009 17:58:23 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -82.461 X-Spam-Level: X-Spam-Status: No, score=-82.461 tagged_above=-999 required=5 tests=[BAYES_60=1, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FM_DDDD_TIMES_2=1.999, HELO_DYNAMIC_DHCP=1.398, HELO_DYNAMIC_IPADDR=2.426, HELO_EQ_CPE=0.5, HOST_EQ_CPE=0.979, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877, RCVD_IN_XBL=3.033, RDNS_DYNAMIC=0.1, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xz-oQUkdT0Jk; Thu, 15 Jan 2009 17:58:22 -0800 (PST) Received: from cpe-24-28-182-29.elp.res.rr.com (cpe-24-28-182-29.elp.res.rr.com [24.28.182.29]) by core3.amsl.com (Postfix) with SMTP id 5C7413A67FC; Thu, 15 Jan 2009 17:58:00 -0800 (PST) X-Originating-IP: 232.90.150.132 by smtp.24.28.182.29; Thu, 15 Jan 2009 20:54:12 -0500 Message-ID: Subject: Bvlgari watch models from 2009! Date: Thu, 15 Jan 2009 21:01:12 -0500 From: "Gina Woody" To: "Joseph Bowen" Content-Type: text/plain; Content-Transfer-Encoding: 7bit Dear Joseph, How about buying yourself a two Vacheron Constantin watches the same day? It's not impossible, mostly when you can get them for a couple hundred bucks http://richardsonrgl.narod.ru Take advantage of our christmas specials and get yourself Vacheron Constantin watch that you've always wanted! http://richardsonrgl.narod.ru Our Vacheron Constantin watches have perfect weight and feel same as orginal. 
Sincerely, Mr Bowen From kayaksultan@alceprefab.com.tr Thu Jan 15 18:48:06 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 379D13A67AB for ; Thu, 15 Jan 2009 18:48:06 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -15.779 X-Spam-Level: X-Spam-Status: No, score=-15.779 tagged_above=-999 required=5 tests=[BAYES_99=3.5, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, FM_DDDD_TIMES_2=1.999, GB_I_LETTER=-2, HELO_DYNAMIC_HCC=4.295, HELO_DYNAMIC_IPADDR2=4.395, HELO_EQ_BR=0.955, HELO_EQ_DSL=1.129, HELO_EQ_TELESP=1.245, HOST_EQ_BR=1.295, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, HTML_SHORT_LINK_IMG_3=0.001, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E4_51_100=1.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877, RDNS_DYNAMIC=0.1, SARE_RECV_SPAM_DOMN02=1.666, SARE_UNI=0.591, TVD_RCVD_IP=1.931, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_OB_SURBL=10, URIBL_RHS_DOB=1.083, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FPrjhlfxId-O for ; Thu, 15 Jan 2009 18:48:04 -0800 (PST) Received: from 200-148-97-122.dsl.telesp.net.br (201-27-203-182.dsl.telesp.net.br [201.27.203.182]) by core3.amsl.com (Postfix) with SMTP id AF9B23A63EC for ; Thu, 15 Jan 2009 18:47:58 -0800 (PST) To: Subject: Delivery Status Notification (Failure) From: MIME-Version: 1.0 Importance: High Content-Type: text/html Message-Id: <20090116024800.AF9B23A63EC@core3.amsl.com> Date: Thu, 15 Jan 2009 18:47:58 -0800 (PST)
From middletondd@air-worldwide.com Fri Jan 16 01:26:08 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 43D603A68FC for ; Fri, 16 Jan 2009 01:26:08 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -23.768 X-Spam-Level: X-Spam-Status: No, score=-23.768 tagged_above=-999 required=5 tests=[AWL=-11.929, BAYES_99=3.5, FH_RELAY_NODNS=1.451, GB_I_LETTER=-2, HELO_MISMATCH_COM=0.553, HTML_IMAGE_ONLY_16=1.526, HTML_MESSAGE=0.001, HTML_SHORT_LINK_IMG_2=0.001, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E4_51_100=1.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905, RCVD_IN_XBL=3.033, RDNS_NONE=0.1, SARE_UNI=0.591, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_OB_SURBL=10, URIBL_RHS_DOB=1.083, URIBL_SC_SURBL=10, URIBL_WS_SURBL=10, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EZwsPtoOcByb for ; Fri, 16 Jan 2009 01:26:07 -0800 (PST) Received: from acebmx.com (unknown [122.161.41.255]) by core3.amsl.com (Postfix) with SMTP id F0F433A69CE for ; Fri, 16 Jan 2009 01:26:04 -0800 (PST) To: Subject: RE: Message 84936 From: MIME-Version: 1.0 Importance: High Content-Type: text/html Message-Id: <20090116092605.F0F433A69CE@core3.amsl.com> Date: Fri, 16 Jan 2009 01:26:04 -0800 (PST)
From yihua@ivisions.com.cn Fri Jan 16 01:39:50 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D6A0B3A6939; Fri, 16 Jan 2009 01:39:50 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -85.338 X-Spam-Level: X-Spam-Status: No, score=-85.338 tagged_above=-999 required=5 tests=[BAYES_60=1, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FM_DDDD_TIMES_2=1.999, HELO_DYNAMIC_IPADDR=2.426, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877, RCVD_IN_XBL=3.033, RDNS_DYNAMIC=0.1, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id blHWAJ8nirRV; Fri, 16 Jan 2009 01:39:50 -0800 (PST) Received: from c-76-120-77-65.hsd1.co.comcast.net (c-76-120-77-65.hsd1.co.comcast.net [76.120.77.65]) by core3.amsl.com (Postfix) with SMTP id 712DD3A677C; Fri, 16 Jan 2009 01:39:47 -0800 (PST) X-Originating-IP: 42.37.195.248 by smtp.76.120.77.65; Fri, 16 Jan 2009 15:34:29 +0600 Message-ID: Subject: Tag Heuer better than you could imagine! Date: Fri, 16 Jan 2009 04:39:29 -0500 From: "Charity Waldron" To: "Elma Lugo" Content-Type: text/plain Content-Transfer-Encoding: 7bit Dear Elma, I had never seen such beautiful and greatly-performing watches like the ones I found online at http://lopezsix.narod.ru Take an extra 15% off your purchase during month of January (2009). http://lopezsix.narod.ru Our Omega watches have Weights/feels and looks exactly same as original. 
Sincerely, Mr Lugo From juliana@ahuana.com Fri Jan 16 05:03:07 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8051C3A69D2 for ; Fri, 16 Jan 2009 05:03:07 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -10.816 X-Spam-Level: X-Spam-Status: No, score=-10.816 tagged_above=-999 required=5 tests=[BAYES_99=3.5, GB_I_LETTER=-2, HELO_EQ_BR=0.955, HOST_EQ_BR=1.295, HTML_IMAGE_ONLY_16=1.526, HTML_MESSAGE=0.001, HTML_SHORT_LINK_IMG_2=0.001, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E4_51_100=1.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877, RCVD_IN_XBL=3.033, SARE_UNI=0.591, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_OB_SURBL=10, URIBL_RHS_DOB=1.083, URIBL_SC_SURBL=10, URIBL_WS_SURBL=10, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s99V6BE4G-JM for ; Fri, 16 Jan 2009 05:03:06 -0800 (PST) Received: from 20158164143.user.veloxzone.com.br (20158164143.user.veloxzone.com.br [201.58.164.143]) by core3.amsl.com (Postfix) with SMTP id B856B3A67E3 for ; Fri, 16 Jan 2009 05:03:03 -0800 (PST) To: Subject: Re: Order status 05541 From: MIME-Version: 1.0 Importance: High Content-Type: text/html Message-Id: <20090116130304.B856B3A67E3@core3.amsl.com> Date: Fri, 16 Jan 2009 05:03:03 -0800 (PST)
From kronhard@alkon-pc.de Fri Jan 16 23:45:39 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6BD1D3A6A41 for ; Fri, 16 Jan 2009 23:45:39 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -30.795 X-Spam-Level: X-Spam-Status: No, score=-30.795 tagged_above=-999 required=5 tests=[AWL=-18.848, BAYES_99=3.5, FH_RELAY_NODNS=1.451, GB_I_LETTER=-2, HELO_EQ_CZ=0.445, HTML_IMAGE_ONLY_16=1.526, HTML_MESSAGE=0.001, HTML_SHORT_LINK_IMG_2=0.001, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E4_51_100=1.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905, RCVD_IN_XBL=3.033, RDNS_NONE=0.1, SARE_UNI=0.591, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_OB_SURBL=10, URIBL_RHS_DOB=1.083, URIBL_SC_SURBL=10, URIBL_WS_SURBL=10, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ncsXGVe6u1TW for ; Fri, 16 Jan 2009 23:45:38 -0800 (PST) Received: from akfelix.cz (unknown [189.7.34.230]) by core3.amsl.com (Postfix) with SMTP id E48E93A684B for ; Fri, 16 Jan 2009 23:45:35 -0800 (PST) To: Subject: RE: Message 59688 From: MIME-Version: 1.0 Importance: High Content-Type: text/html Message-Id: <20090117074536.E48E93A684B@core3.amsl.com> Date: Fri, 16 Jan 2009 23:45:35 -0800 (PST)
From ntiss@akg-america.com Sat Jan 17 01:39:33 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A590F3A6B2E for ; Sat, 17 Jan 2009 01:39:33 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -9.067 X-Spam-Level: X-Spam-Status: No, score=-9.067 tagged_above=-999 required=5 tests=[BAYES_99=3.5, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FM_DDDD_TIMES_2=1.999, GB_I_LETTER=-2, HELO_EQ_PPPOE=0.35, HELO_EQ_RU=0.595, HOST_EQ_RU=0.875, HTML_IMAGE_ONLY_16=1.526, HTML_MESSAGE=0.001, HTML_SHORT_LINK_IMG_2=0.001, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E4_51_100=1.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_PBL=0.905, RCVD_IN_XBL=3.033, RDNS_DYNAMIC=0.1, SARE_HELO_EQ_PPPOE=0.555, SARE_UNI=0.591, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_OB_SURBL=10, URIBL_RHS_DOB=1.083, URIBL_SC_SURBL=10, URIBL_WS_SURBL=10, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dV8rComeqDRU for ; Sat, 17 Jan 2009 01:39:33 -0800 (PST) Received: from pppoe-88-147-185-120.san.ru (pppoe-88-147-185-120.san.ru [88.147.185.120]) by core3.amsl.com (Postfix) with SMTP id E9F283A6B2F for ; Sat, 17 Jan 2009 01:39:31 -0800 (PST) To: Subject: Your order 79125 From: MIME-Version: 1.0 Importance: High Content-Type: text/html Message-Id: <20090117093931.E9F283A6B2F@core3.amsl.com> Date: Sat, 17 Jan 2009 01:39:31 -0800 (PST)
From jrnisbetd@aep.com Sun Jan 18 06:21:30 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 920B43A67F8 for ; Sun, 18 Jan 2009 06:21:30 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -16.886 X-Spam-Level: X-Spam-Status: No, score=-16.886 tagged_above=-999 required=5 tests=[BAYES_99=3.5, FH_RELAY_NODNS=1.451, HELO_IS_SMALL6=0.556, HTML_IMAGE_ONLY_28=1.561, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_PBL=0.905, RDNS_NONE=0.1, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_OB_SURBL=10, URIBL_RHS_DOB=1.083, URIBL_SC_SURBL=10, URIBL_WS_SURBL=10, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O6LGtNS6frL6 for ; Sun, 18 Jan 2009 06:21:29 -0800 (PST) Received: from amb.es (unknown [125.160.134.18]) by core3.amsl.com (Postfix) with SMTP id E1BF53A679C for ; Sun, 18 Jan 2009 06:21:24 -0800 (PST) To: Subject: Re: Pfizer Admin From: MIME-Version: 1.0 Importance: High Content-Type: text/html Message-Id: <20090118142125.E1BF53A679C@core3.amsl.com> Date: Sun, 18 Jan 2009 06:21:24 -0800 (PST)
January 16, 2009 | "SPECIAL OFFERS"-Pfizer Company!




Contact: Email Administrator, Pfizer World Headquarters 364 E. 42nd Street New York, NY 50130
® 2001-2009 Pfizer Inc. All rights reserved!
Pfizer is a licensee of the TRUSTe Privacy Program!, click here.

» Help  »Advertise  »Terms of Service  »Privacy Policy
From owner-ietf-smime@mail.imc.org Tue Jan 20 10:46:37 2009
From: Internet-Drafts@ietf.org
To: i-d-announce@ietf.org
Cc: ietf-smime@imc.org
Subject: I-D ACTION:draft-ietf-smime-sha2-11.txt
Content-Type: Multipart/Mixed; Boundary="NextPart"
Mime-Version: 1.0
Message-Id: <20090120183001.39B443A6B39@core3.amsl.com>
Date: Tue, 20 Jan 2009 10:30:01 -0800 (PST)
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk

--NextPart

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the S/MIME Mail Security Working Group of the IETF.

Title     : Using SHA2 Algorithms with Cryptographic Message Syntax
Author(s) : S. Turner
Filename  : draft-ietf-smime-sha2-11.txt
Pages     : 11
Date      : 2009-1-20

This document describes the conventions for using the Secure Hash Algorithm (SHA) message digest algorithms (SHA-224, SHA-256, SHA-384, SHA-512) with the Cryptographic Message Syntax (CMS). It also describes the conventions for using these algorithms with CMS and the Digital Signature Algorithm (DSA), Rivest Shamir Adleman (RSA), and Elliptic Curve DSA (ECDSA) signature algorithms. Further, it provides SMIMECapabilities attribute values for each algorithm.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-smime-sha2-11.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft.

--NextPart
Content-Type: Message/External-body; name="draft-ietf-smime-sha2-11.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts"

Content-Type: text/plain
Content-ID: <2009-1-20102252.I-D@ietf.org>

--NextPart--
We ship Worldwide! To all countries! To all destinations!
Don't see a picture? Click Here!

To unsubscribe from this mailing list, please log in to www.independencewash.com, click on "My Account", click "Update" to edit your registration details and uncheck the "Receive Newsletter?" check box.
Or unsubscribe at http://independencewash.com/faq.php

Privacy Statement | Terms & Conditions | Contact

BRANDKEYWORD Ltd.
Tower Bridge Business Complex. Unit 1, B885. 552 Clements Road. London. SE72 3DG

© 2006-2008 BRANDKEYWORD, Ltd. All Rights Reserved

From mingwu-jakustoo@3w-company.de Tue Jan 20 22:53:34 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3272C3A67CC for ; Tue, 20 Jan 2009 22:53:34 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.737 X-Spam-Level: X-Spam-Status: No, score=-1.737 tagged_above=-999 required=5 tests=[BAYES_99=3.5, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, FM_DDDD_TIMES_2=1.999, GB_I_LETTER=-2, HELO_DYNAMIC_IPADDR2=4.395, HELO_EQ_AU=0.377, HOST_EQ_AU=0.327, HOST_EQ_STATIC=1.172, HTML_IMAGE_ONLY_32=1.778, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E4_51_100=1.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_XBL=3.033, TVD_RCVD_IP=1.931, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_OB_SURBL=10, URIBL_RHS_DOB=1.083, URIBL_SC_SURBL=10, URIBL_WS_SURBL=10, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JTiXHaatIKmO for ; Tue, 20 Jan 2009 22:53:27 -0800 (PST) Received: from 60-241-209-161.static.tpgi.com.au (60-241-209-161.static.tpgi.com.au [60.241.209.161]) by core3.amsl.com (Postfix) with SMTP id 391743A6955 for ; Tue, 20 Jan 2009 22:53:22 -0800 (PST) To: Subject: RE: Important safety information From: MIME-Version: 1.0 Importance: High Content-Type: text/html Message-Id: <20090121065324.391743A6955@core3.amsl.com> Date: Tue, 20 Jan 2009 22:53:22 -0800 (PST)
We ship Worldwide! To all countries! To all destinations!
Not see a picture? Click Here!

To unsubscribe from this mailing list, please log in to www.notedefinition.com, click on "My Account", click "Update" to edit your registration details and uncheck the "Receive Newsletter?" check box.
Or unsubscribe at http://methoddegree.com/faq.php

Privacy Statement | Terms & Conditions | Contact

BRANDKEYWORD Ltd.
Tower Bridge Business Complex. Unit 9, B522. 404 Clements Road. London. SE45 1DG

© 2006-2008 BRANDKEYWORD, Ltd. All Rights Reserved

From kabore_issa1@yahoo.com Wed Jan 21 04:27:20 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 97B5228C11C for ; Wed, 21 Jan 2009 04:27:20 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 4.78 X-Spam-Level: **** X-Spam-Status: No, score=4.78 tagged_above=-999 required=5 tests=[BAYES_99=3.5, HTML_MESSAGE=0.001, J_CHICKENPOX_73=0.6, SARE_SUB_GOOD_DAY=0.679] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j7AY2mfFkn76 for ; Wed, 21 Jan 2009 04:27:19 -0800 (PST) Received: from n75a.bullet.mail.sp1.yahoo.com (n75a.bullet.mail.sp1.yahoo.com [98.136.45.22]) by core3.amsl.com (Postfix) with SMTP id 76A3128C119 for ; Wed, 21 Jan 2009 04:27:19 -0800 (PST) Received: from [216.252.122.218] by n75.bullet.mail.sp1.yahoo.com with NNFMP; 21 Jan 2009 12:27:02 -0000 Received: from [67.195.9.83] by t3.bullet.sp1.yahoo.com with NNFMP; 21 Jan 2009 12:27:02 -0000 Received: from [67.195.9.100] by t3.bullet.mail.gq1.yahoo.com with NNFMP; 21 Jan 2009 12:27:02 -0000 Received: from [127.0.0.1] by omp104.mail.gq1.yahoo.com with NNFMP; 21 Jan 2009 12:27:02 -0000 X-Yahoo-Newman-Property: ymail-5 X-Yahoo-Newman-Id: 224289.48953.bm@omp104.mail.gq1.yahoo.com Received: (qmail 46833 invoked by uid 60001); 21 Jan 2009 12:27:02 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=ymail_nen1; d=yahoo.com; h=Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID; b=udeX4N6s1yjH70pLdxg3elx1B5xyue1eBgYAopGoxJMLuGbB25cewbdWW8lG55ENc+grV1IEN33HGTAgO5lchCfQRmW3v2wxQi0PY7zII1zIPVt3VMxmMVKxVSvjdMiZR/0E6ynge4MCOSjrv3ZG1CjPysAW7ajahTTpZCV3fX4=; Received: from [41.203.232.247] by web112215.mail.gq1.yahoo.com via HTTP; Wed, 21 Jan 2009 04:27:01 PST Date: Wed, 21 Jan 2009 04:27:01 -0800 (PST) From: 
Kabore Issa Subject: GOOD DAY To: smime-archive@ietf.org MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="0-1594867165-1232540821=:37735" Content-Transfer-Encoding: 8bit Message-ID: <178.37735.qm@web112215.mail.gq1.yahoo.com> --0-1594867165-1232540821=:37735 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit I have a new email address!You can now email me at: kabore_issa1@yahoo.com - Dear Partner, It's just my urgent need for Foreign Partner that made me to contact you for this transaction. i am a Banker by Profession from Burkina Faso in west Africa and Currently holding the Post Of Foreign Remittance Manager in our Bank. I have the opportunity of transferring the left over funds ($5.3Million) of one of my bank clients who died in the World trade Centre in America September 2001. Hence, I am inviting you for a business deal where this money can be shared between us in the ratio of 60 % for me / 40 % for you alone .Further details of the transaction will be forwarded to you as soon as i receive your return mail, Have a great day. TRUST IS THE ENVELOPE TO OUR SUCCESS.Mr .kabore issa --0-1594867165-1232540821=:37735 Content-Type: text/html; charset=iso-8859-1 Content-Transfer-Encoding: 8bit
--0-1594867165-1232540821=:37735-- From money@45.kg Wed Jan 21 06:36:30 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 22EB83A6B48 for ; Wed, 21 Jan 2009 06:36:30 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -30.89 X-Spam-Level: X-Spam-Status: No, score=-30.89 tagged_above=-999 required=5 tests=[BAYES_99=3.5, FH_RELAY_NODNS=1.451, GB_I_LETTER=-2, HELO_MISMATCH_NET=0.611, HTML_IMAGE_ONLY_32=1.778, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E4_51_100=1.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905, RCVD_IN_XBL=3.033, RDNS_NONE=0.1, SARE_UNA=1.231, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_RHS_DOB=1.083, URIBL_SC_SURBL=10, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9y6DluzsIgBW for ; Wed, 21 Jan 2009 06:36:27 -0800 (PST) Received: from 2by2.net (unknown [189.29.167.153]) by core3.amsl.com (Postfix) with SMTP id A05403A67A1 for ; Wed, 21 Jan 2009 06:36:25 -0800 (PST) To: Subject: Member Services From: MIME-Version: 1.0 Importance: High Content-Type: text/html Message-Id: <20090121143625.A05403A67A1@core3.amsl.com> Date: Wed, 21 Jan 2009 06:36:25 -0800 (PST)

Do not see a picture? Visit our site now!

*Offer expires January 31, 2009.

As a valued Windows Live Hotmail customer, we hope you find this Windows Vista Ultimate offer valuable. If you would prefer to no longer receive promotional offers about Windows Vista Ultimate please click here.

For general information about how to manage your Communication Preferences with Microsoft please click here.

If you have questions about Microsoft privacy policies, please read our online Privacy Statement.

Opting out of Microsoft e-mail offers will not affect any newsletters you have requested nor restrict important customer communications concerning your Microsoft products.

Microsoft Corporation
One Microsoft Way
Redmond, WA 96565



..
Message-Id: <20098735490191.6F1D.20453110-5765@cimail13.msn.com>
From mstockett@aacps.org Wed Jan 21 07:28:13 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 08D373A6B52 for ; Wed, 21 Jan 2009 07:28:13 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -15.188 X-Spam-Level: X-Spam-Status: No, score=-15.188 tagged_above=-999 required=5 tests=[BAYES_99=3.5, GB_I_LETTER=-2, HTML_IMAGE_ONLY_32=1.778, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E4_51_100=1.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_XBL=3.033, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_OB_SURBL=10, URIBL_RHS_DOB=1.083, URIBL_SC_SURBL=10, URIBL_WS_SURBL=10, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2Z846eC91Myo for ; Wed, 21 Jan 2009 07:28:09 -0800 (PST) Received: from cargoclix.vestel.bg (cargoclix.vestel.bg [79.100.192.23]) by core3.amsl.com (Postfix) with SMTP id 12BD03A67F4 for ; Wed, 21 Jan 2009 07:28:07 -0800 (PST) To: Subject: Re: Message from President From: MIME-Version: 1.0 Importance: High Content-Type: text/html Message-Id: <20090121152808.12BD03A67F4@core3.amsl.com> Date: Wed, 21 Jan 2009 07:28:07 -0800 (PST)
We ship Worldwide! To all countries! To all destinations!
Can't see a picture? Click Here!

To unsubscribe from this mailing list, please log in to www.backfamous.com, click on "My Account", click "Update" to edit your registration details and uncheck the "Receive Newsletter?" check box.
Or unsubscribe at http://backfamous.com/faq.php

Privacy Statement | Terms & Conditions | Contact

BRANDKEYWORD Ltd.
Tower Bridge Business Complex. Unit 1, B523. 457 Clements Road. London. SE54 4DG

© 2006-2008 BRANDKEYWORD, Ltd. All Rights Reserved

From luna.liliana@amschool.edu.sv Wed Jan 21 08:26:05 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E49DF3A6990 for ; Wed, 21 Jan 2009 08:26:05 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -17.172 X-Spam-Level: X-Spam-Status: No, score=-17.172 tagged_above=-999 required=5 tests=[BAYES_99=3.5, FH_RELAY_NODNS=1.451, GB_I_LETTER=-2, HELO_MISMATCH_COM=0.553, HTML_IMAGE_ONLY_32=1.778, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E4_51_100=1.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_PBL=0.905, RDNS_NONE=0.1, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_OB_SURBL=10, URIBL_RHS_DOB=1.083, URIBL_SC_SURBL=10, URIBL_WS_SURBL=10, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rPsHLvZzltjV for ; Wed, 21 Jan 2009 08:26:04 -0800 (PST) Received: from amerisecure.com (unknown [190.49.183.205]) by core3.amsl.com (Postfix) with SMTP id 753333A694F for ; Wed, 21 Jan 2009 08:26:01 -0800 (PST) To: Subject: Re: Message from President From: MIME-Version: 1.0 Importance: High Content-Type: text/html Message-Id: <20090121162602.753333A694F@core3.amsl.com> Date: Wed, 21 Jan 2009 08:26:01 -0800 (PST)
We ship Worldwide! To all countries! To all destinations!
Can't see a picture? Click Here!

To unsubscribe from this mailing list, please log in to www.traditionraise.com, click on "My Account", click "Update" to edit your registration details and uncheck the "Receive Newsletter?" check box.
Or unsubscribe at http://traditionraise.com/faq.php

Privacy Statement | Terms & Conditions | Contact

BRANDKEYWORD Ltd.
Tower Bridge Business Complex. Unit 7, B808. 664 Clements Road. London. SE33 2DG

© 2006-2008 BRANDKEYWORD, Ltd. All Rights Reserved

From fley@ussd.com Wed Jan 21 14:25:59 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DCF8D28C13D; Wed, 21 Jan 2009 14:25:59 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -56.871 X-Spam-Level: X-Spam-Status: No, score=-56.871 tagged_above=-999 required=5 tests=[BAYES_99=3.5, FH_HELO_EQ_D_D_D_D=1.597, HELO_MISMATCH_COM=0.553, HOST_EQ_SK=0.555, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_XBL=3.033, TVD_RCVD_IP=1.931, URIBL_AB_SURBL=10, URIBL_BLACK=20, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Rw9hhKeec0Bh; Wed, 21 Jan 2009 14:25:58 -0800 (PST) Received: from 212-95-32-105.internetserviceteam.com (core.ctn.sk [62.168.65.122]) by core3.amsl.com (Postfix) with SMTP id 4401328C180; Wed, 21 Jan 2009 14:25:51 -0800 (PST) X-Originating-IP: 72.184.104.98 by smtp.212.95.32.105; Wed, 21 Jan 2009 15:28:23 -0700 Message-ID: Subject: Get 15% off these watches Date: Wed, 21 Jan 2009 17:28:23 -0500 From: "Frederic Curry" To: "Ralph Potter" Content-Type: text/plain; Content-Transfer-Encoding: 7bit Dear Ralph, Looking for a Bvlgari? How about getting two, one for you and one for your spouse? http://parkereow.2gb.cc We are offering wholesaler prices on all watches during the month of January 2009. http://parkereow.2gb.cc Our Bvlgari watches have perfect weight and feel same as orginal. 
Sincerely, Mr Potter From na2mishra@abacusinfo.com Wed Jan 21 16:49:55 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5C4933A699E for ; Wed, 21 Jan 2009 16:49:55 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -37.583 X-Spam-Level: X-Spam-Status: No, score=-37.583 tagged_above=-999 required=5 tests=[BAYES_99=3.5, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, FM_DDDD_TIMES_2=1.999, GB_I_LETTER=-2, HELO_DYNAMIC_IPADDR2=4.395, HELO_EQ_DSL=1.129, HTML_IMAGE_ONLY_32=1.778, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E4_51_100=1.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_SORBS_DUL=0.877, RDNS_DYNAMIC=0.1, TVD_RCVD_IP=1.931, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cqZidd3Iu4cx for ; Wed, 21 Jan 2009 16:49:54 -0800 (PST) Received: from 66-252-56-116.dyn-adsl.midmaine.net (66-252-56-116.dyn-adsl.midmaine.net [66.252.56.116]) by core3.amsl.com (Postfix) with SMTP id DC7C93A6784 for ; Wed, 21 Jan 2009 16:49:51 -0800 (PST) To: Subject: Check out hot deals From: MIME-Version: 1.0 Importance: High Content-Type: text/html Message-Id: <20090122004952.DC7C93A6784@core3.amsl.com> Date: Wed, 21 Jan 2009 16:49:51 -0800 (PST)
We ship Worldwide! To all countries! To all destinations!
Can't see a picture? Click Here!

To unsubscribe from this mailing list, please log in to www.quotientscore.com, click on "My Account", click "Update" to edit your registration details and uncheck the "Receive Newsletter?" check box.
Or unsubscribe at http://quotientscore.com/faq.php

Privacy Statement | Terms & Conditions | Contact

BRANDKEYWORD Ltd.
Tower Bridge Business Complex. Unit 4, B747. 143 Clements Road. London. SE71 7DG

© 2006-2008 BRANDKEYWORD, Ltd. All Rights Reserved

From Hemang@onlinecasinosites.in Wed Jan 21 23:36:03 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6D6AE3A699E for ; Wed, 21 Jan 2009 23:36:03 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 1.459 X-Spam-Level: * X-Spam-Status: No, score=1.459 tagged_above=-999 required=5 tests=[BAYES_50=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qJZcuGs3RSvm for ; Wed, 21 Jan 2009 23:36:02 -0800 (PST) Received: from vps.bestinternetcasino.in (vps.bestinternetcasino.in [208.43.29.97]) by core3.amsl.com (Postfix) with ESMTP id 831963A6A88 for ; Wed, 21 Jan 2009 23:36:02 -0800 (PST) Received: from [122.163.156.54] (helo=onlinecasinosites.in) by vps.bestinternetcasino.in with esmtpa (Exim 4.69) (envelope-from ) id 1LPu6J-0000Q5-Sd for smime-archive@ietf.org; Thu, 22 Jan 2009 07:35:44 +0000 Message-ID: <20090122073551031.hRyV6dKwefMbhoOKDPSs@vps.bestinternetcasino.in> From: "Trade Pointer" To: "Smime-archive" Subject: Help me find concened person in your company. Reply-to: Date: Thu, 22 Jan 2009 13:05:51 +0530 MIME-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - vps.bestinternetcasino.in X-AntiAbuse: Original Domain - ietf.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - onlinecasinosites.in To,

ESGI LEATHER EXPORTS

Dear ,

I am Ms Geeta Rawat, Assistant Manager - Corp Sales, InfodriveIndia Pvt Ltd.

I want to contact the person in charge of International Business or Market Research in your company.

Can you please forward my email to the concerned person or advise me of his email and contact phone?

Allow me to briefly explain to you what we do.

InfodriveIndia helps clients to find active buyers, suppliers, prices from actual shipment data from customs.

We are the largest Export Import trade Intelligence provider in India with a network of partners in 20 countries like US, UK, China, India, Russia, Sri Lanka, Brazil, Argentina, Peru etc.

We have offices in New Delhi and Calcutta and have served more than 10,000 clients in the last 12 years. Our clients list includes blue chips like Reliance, Birla group, Tata, Samsung, Wipro, LG, Sony to small startups.

I was thinking that you may like to have some understanding of our work and how your organization can benefit from it. And if I am not suggesting that you should consider working with us, I thought it may be interesting to make myself and our work known to you.

Please do give my email a thought and do get back to me with your comments. You may visit our website for more information.

Many thanks in advance for your attention and look forward to hearing from you soon.

Kind regards.

Ms Geeta Rawat
Relationship Manager

InfodriveIndia Pvt Ltd.
Board : 91-11-40703000
Direct : 91-11-40703040
Fax : 91-11-41605676
E-153, 1st Floor, Kalkaji Main Road
Kalkaji
New Delhi - 110019
India
email : infodriveindia@gmail.com

This email is from InfodriveIndia Pvt Limited, a company registered in India, whose registered office is at 28/6, 3rd floor, 8, Ho-chi-minh sarani, Calcutta - 700071, India. This message is private and confidential. If you have received this message in error, please return it to the sender or call our boardlines on 91-11-40703000 and remove it from your system. The opinions expressed within this communication are not necessarily those expressed by InfodriveIndia Pvt Limited. For more information visit our website.

To unsubscribe please click here.

From mxf@ab.sify.net Thu Jan 22 00:58:06 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CCA9F3A6AAD for ; Thu, 22 Jan 2009 00:58:06 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -22.971 X-Spam-Level: X-Spam-Status: No, score=-22.971 tagged_above=-999 required=5 tests=[BAYES_99=3.5, FH_RELAY_NODNS=1.451, GB_I_LETTER=-2, HELO_MISMATCH_UK=1.749, HTML_IMAGE_ONLY_32=1.778, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E4_51_100=1.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_SORBS_DUL=0.877, RCVD_IN_XBL=3.033, RDNS_NONE=0.1, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_RHS_DOB=1.083, URIBL_SC_SURBL=10, URIBL_WS_SURBL=10, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jTFkYImcRedw for ; Thu, 22 Jan 2009 00:58:06 -0800 (PST) Received: from accura.co.uk (unknown [83.228.29.85]) by core3.amsl.com (Postfix) with SMTP id 0B8F73A6B2A for ; Thu, 22 Jan 2009 00:58:04 -0800 (PST) To: Subject: Receipt for Your Payment From: MIME-Version: 1.0 Importance: High Content-Type: text/html Message-Id: <20090122085805.0B8F73A6B2A@core3.amsl.com> Date: Thu, 22 Jan 2009 00:58:04 -0800 (PST)
We ship Worldwide! To all countries! To all destinations!
Can't see a picture? Click Here!

To unsubscribe from this mailing list, please log in to www.intuitionfig.com, click on "My Account", click "Update" to edit your registration details and uncheck the "Receive Newsletter?" check box.
Or unsubscribe at http://intuitionfig.com/faq.php

Privacy Statement | Terms & Conditions | Contact

BRANDKEYWORD Ltd.
Tower Bridge Business Complex. Unit 9, B401. 727 Clements Road. London. SE91 9DG

© 2006-2008 BRANDKEYWORD, Ltd. All Rights Reserved

From alexandra@fafiman.br Thu Jan 22 01:39:39 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9D0CB3A6A68; Thu, 22 Jan 2009 01:39:39 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -64.088 X-Spam-Level: X-Spam-Status: No, score=-64.088 tagged_above=-999 required=5 tests=[BAYES_99=3.5, FH_HELO_EQ_D_D_D_D=1.597, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_XBL=3.033, RDNS_NONE=0.1, TVD_RCVD_IP=1.931, URIBL_BLACK=20, URIBL_PH_SURBL=1.787, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id teIn1hdLuwGd; Thu, 22 Jan 2009 01:39:33 -0800 (PST) Received: from 212-95-32-105.internetserviceteam.com (unknown [77.224.243.5]) by core3.amsl.com (Postfix) with SMTP id 3B06C3A6A4A; Thu, 22 Jan 2009 01:39:27 -0800 (PST) X-Originating-IP: 86.2.180.124 by smtp.212.95.32.105; Thu, 22 Jan 2009 11:32:59 +0200 Message-ID: Subject: Take a look at the Omega watches! Date: Thu, 22 Jan 2009 04:41:59 -0500 From: "Rosie Ruiz" To: "Mitchel Frederick" Content-Type: text/plain; Content-Transfer-Encoding: 7bit Dear Mitchel, New Year is the time to get Jaeger LeCoultre watch, and the only place to get top notch watches that look and perform exactly like the originals is http://fosterbij.blackapplehost.com The best news is that in January (2009) you can buy two watches and get an extra 15% off your purchase! http://fosterbij.blackapplehost.com Our Jaeger LeCoultre watches have perfect weight and feel same as orginal. 
Sincerely, Mr Frederick From designs@blockstyle.com Thu Jan 22 02:50:35 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6D5BA3A68BA; Thu, 22 Jan 2009 02:50:35 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -57.193 X-Spam-Level: X-Spam-Status: No, score=-57.193 tagged_above=-999 required=5 tests=[BAYES_99=3.5, FH_HELO_EQ_D_D_D_D=1.597, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877, RCVD_IN_XBL=3.033, RDNS_DYNAMIC=0.1, TVD_RCVD_IP=1.931, URIBL_AB_SURBL=10, URIBL_BLACK=20, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qSdUksZ48jTz; Thu, 22 Jan 2009 02:50:34 -0800 (PST) Received: from 212-95-32-105.internetserviceteam.com (a24-126.adsl.paltel.net [213.6.24.126]) by core3.amsl.com (Postfix) with SMTP id 6838928C154; Thu, 22 Jan 2009 02:49:53 -0800 (PST) X-Originating-IP: 120.32.250.120 by smtp.212.95.32.105; Thu, 22 Jan 2009 11:44:36 +0200 Message-ID: Subject: Omega rep is a ultimate gift Date: Thu, 22 Jan 2009 04:49:36 -0500 From: "Isabelle Brantley" To: "Marco Mejia" Content-Type: text/plain; Content-Transfer-Encoding: 7bit X-Antivirus: avast! (VPS 081015-0, 10/15/2008), Outbound message X-Antivirus-Status: Clean Dear Marco, If you've waited to get your Chopard watch, this is the right time to go for it. http://scottuna.hostshield.com The best news is that in January (2009) you can buy two watches and get an extra 15% off your purchase! http://scottuna.hostshield.com Our Chopard watches have perfect weight and feel same as orginal. 
Sincerely, Mr Mejia From mvbirgelenn@ambridge.nl Thu Jan 22 03:58:38 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 778133A68BA for ; Thu, 22 Jan 2009 03:58:38 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -7.053 X-Spam-Level: X-Spam-Status: No, score=-7.053 tagged_above=-999 required=5 tests=[BAYES_99=3.5, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_PACBELL_D=3.944, FM_DDDD_TIMES_2=1.999, GB_I_LETTER=-2, HELO_DYNAMIC_DHCP=1.398, HELO_DYNAMIC_HCC=4.295, HELO_DYNAMIC_IPADDR=2.426, HELO_EQ_DSL=1.129, HTML_IMAGE_ONLY_32=1.778, HTML_MESSAGE=0.001, IP_NOT_FRIENDLY=0.334, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E4_51_100=1.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_SORBS_DUL=0.877, RCVD_IN_XBL=3.033, RDNS_DYNAMIC=0.1, SARE_UNA=1.231, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_OB_SURBL=10, URIBL_RHS_DOB=1.083, URIBL_WS_SURBL=10, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 72N-RGIDKVnN for ; Thu, 22 Jan 2009 03:58:34 -0800 (PST) Received: from adsl-69-109-220-241.dsl.pltn13.pacbell.net (adsl-69-109-220-241.dsl.pltn13.pacbell.net [69.109.220.241]) by core3.amsl.com (Postfix) with SMTP id F00633A676A for ; Thu, 22 Jan 2009 03:58:29 -0800 (PST) To: Subject: RE: Windows Live Team From: MIME-Version: 1.0 Importance: High Content-Type: text/html Message-Id: <20090122115831.F00633A676A@core3.amsl.com> Date: Thu, 22 Jan 2009 03:58:29 -0800 (PST)

Do not see a picture? Visit our site now!

*Offer expires January 31, 2009.

As a valued Windows Live Hotmail customer, we hope you find this Windows Vista Ultimate offer valuable. If you would prefer to no longer receive promotional offers about Windows Vista Ultimate please click here.

For general information about how to manage your Communication Preferences with Microsoft please click here.

If you have questions about Microsoft privacy policies, please read our online Privacy Statement.

Opting out of Microsoft e-mail offers will not affect any newsletters you have requested nor restrict important customer communications concerning your Microsoft products.

Microsoft Corporation
One Microsoft Way
Redmond, WA 94670



..
Message-Id: <20090868485483.4F1D.80217809-3318@cimail17.msn.com>
From maurici.rocha.pa@allianz.es Thu Jan 22 05:15:00 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E761828C16F for ; Thu, 22 Jan 2009 05:15:00 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -20.268 X-Spam-Level: X-Spam-Status: No, score=-20.268 tagged_above=-999 required=5 tests=[BAYES_99=3.5, DNS_FROM_RFC_DSN=1.495, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, GB_I_LETTER=-2, HELO_EQ_AU=0.377, HOST_EQ_BR=1.295, HTML_IMAGE_ONLY_32=1.778, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E4_51_100=1.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_XBL=3.033, RDNS_DYNAMIC=0.1, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_RHS_DOB=1.083, URIBL_SC_SURBL=10, URIBL_WS_SURBL=10, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A2scapstcWDZ for ; Thu, 22 Jan 2009 05:15:00 -0800 (PST) Received: from allflex.com.au (189-84-170-206.sodobrasil.net.br [189.84.170.206]) by core3.amsl.com (Postfix) with SMTP id 32A1B28C15A for ; Thu, 22 Jan 2009 05:14:54 -0800 (PST) To: Subject: Check out hot deals From: MIME-Version: 1.0 Importance: High Content-Type: text/html X-Antivirus: avast! (VPS 080731-0, 31/07/2008), Outbound message X-Antivirus-Status: Clean Message-Id: <20090122131457.32A1B28C15A@core3.amsl.com> Date: Thu, 22 Jan 2009 05:14:54 -0800 (PST)
We ship Worldwide! To all countries! To all destinations!
Can't see a picture? Click Here!

To unsubscribe from this mailing list, please log in to www.intuitionfig.com, click on "My Account", click "Update" to edit your registration details and uncheck the "Receive Newsletter?" check box.
Or unsubscribe at http://intuitionfig.com/faq.php

Privacy Statement | Terms & Conditions | Contact

BRANDKEYWORD Ltd.
From owner-ietf-smime@mail.imc.org Fri Jan 23 16:22:04 2009
Return-Path:
X-Original-To: ietfarch-smime-archive@core3.amsl.com
Delivered-To: ietfarch-smime-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 64AFB3A67F9 for ; Fri, 23 Jan 2009 16:22:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -16.732
X-Spam-Level:
X-Spam-Status: No, score=-16.732 tagged_above=-999 required=5 tests=[AWL=0.867, BAYES_00=-2.599, USER_IN_DEF_WHITELIST=-15]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZvYGyZxK39Kv for ; Fri, 23 Jan 2009 16:22:03 -0800 (PST)
Received: from balder-227.proper.com (properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id 353D83A66B4 for ; Fri, 23 Jan 2009 16:22:02 -0800 (PST)
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0O09POW070270 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 23 Jan 2009 17:09:25 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n0O09Pk6070269; Fri, 23 Jan 2009 17:09:25 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f
Received: from bosco.isi.edu (bosco.isi.edu [128.9.168.207]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0O09E3J070259 for ; Fri, 23 Jan 2009 17:09:24 -0700 (MST) (envelope-from rfc-editor@rfc-editor.org)
Received: by bosco.isi.edu (Postfix, from userid 70) id F0C061F6DD4; Fri, 23 Jan 2009 16:09:13 -0800 (PST)
To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
Subject: RFC 5409 on Using the Boneh-Franklin and Boneh-Boyen Identity-Based Encryption Algorithms with the Cryptographic Message Syntax (CMS)
From: rfc-editor@rfc-editor.org
Cc: rfc-editor@rfc-editor.org, ietf-smime@imc.org
Message-Id: <20090124000913.F0C061F6DD4@bosco.isi.edu>
Date: Fri, 23 Jan 2009 16:09:13 -0800 (PST)
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive:
List-ID:
List-Unsubscribe:

A new Request for Comments is now available in online RFC libraries.

        RFC 5409

        Title:      Using the Boneh-Franklin and Boneh-Boyen Identity-Based Encryption Algorithms with the Cryptographic Message Syntax (CMS)
        Author:     L. Martin, M. Schertler
        Status:     Informational
        Date:       January 2009
        Mailbox:    martin@voltage.com, mschertler@us.axway.com
        Pages:      13
        Characters: 25481
        Updates/Obsoletes/SeeAlso: None

        I-D Tag:    draft-ietf-smime-bfibecms-10.txt

        URL:        http://www.rfc-editor.org/rfc/rfc5409.txt

This document describes the conventions for using the Boneh-Franklin (BF) and Boneh-Boyen (BB1) identity-based encryption algorithms in the Cryptographic Message Syntax (CMS) to encrypt content-encryption keys. Object identifiers and the convention for encoding a recipient's identity are also defined. This memo provides information for the Internet community.

This document is a product of the S/MIME Mail Security Working Group of the IETF.

INFORMATIONAL: This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

This announcement is sent to the IETF-Announce and rfc-dist lists. To subscribe or unsubscribe, see
  http://www.ietf.org/mailman/listinfo/ietf-announce
  http://mailman.rfc-editor.org/mailman/listinfo/rfc-dist

For searching the RFC series, see http://www.rfc-editor.org/rfcsearch.html.
For downloading RFCs, see http://www.rfc-editor.org/rfc.html.

Requests for special distribution should be addressed to either the author of the RFC in question, or to rfc-editor@rfc-editor.org. Unless specifically noted otherwise on the RFC itself, all RFCs are for unlimited distribution.

The RFC Editor Team
USC/Information Sciences Institute

From owner-ietf-smime@mail.imc.org Fri Jan 23 16:22:14 2009
Return-Path:
X-Original-To: ietfarch-smime-archive@core3.amsl.com
Delivered-To: ietfarch-smime-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E6CC83A66B4 for ; Fri, 23 Jan 2009 16:22:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -16.739
X-Spam-Level:
X-Spam-Status: No, score=-16.739 tagged_above=-999 required=5 tests=[AWL=0.860, BAYES_00=-2.599, USER_IN_DEF_WHITELIST=-15]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ocUtCWyzu04x for ; Fri, 23 Jan 2009 16:22:14 -0800 (PST)
Received: from balder-227.proper.com (properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id B5E263A67F9 for ; Fri, 23 Jan 2009 16:22:13 -0800 (PST)
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0O0DITK070578 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 23 Jan 2009 17:13:18 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n0O0DIn5070577; Fri, 23 Jan 2009 17:13:18 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f
Received: from bosco.isi.edu (bosco.isi.edu [128.9.168.207]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0O0DITw070569 for ; Fri, 23 Jan 2009 17:13:18 -0700 (MST) (envelope-from rfc-editor@rfc-editor.org)
Received: by bosco.isi.edu (Postfix, from userid 70) id 2B1731F6DD8; Fri, 23 Jan 2009 16:13:18 -0800 (PST)
To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
Subject: RFC 5408 on Identity-Based Encryption Architecture and Supporting Data Structures
From: rfc-editor@rfc-editor.org
Cc: rfc-editor@rfc-editor.org, ietf-smime@imc.org
Message-Id: <20090124001318.2B1731F6DD8@bosco.isi.edu>
Date: Fri, 23 Jan 2009 16:13:18 -0800 (PST)
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive:
List-ID:
List-Unsubscribe:

A new Request for Comments is now available in online RFC libraries.

        RFC 5408

        Title:      Identity-Based Encryption Architecture and Supporting Data Structures
        Author:     G. Appenzeller, L. Martin, M. Schertler
        Status:     Informational
        Date:       January 2009
        Mailbox:    appenz@cs.stanford.edu, martin@voltage.com, mschertler@us.axway.com
        Pages:      30
        Characters: 62160
        Updates/Obsoletes/SeeAlso: None

        I-D Tag:    draft-ietf-smime-ibearch-09.txt

        URL:        http://www.rfc-editor.org/rfc/rfc5408.txt

This document describes the security architecture required to implement identity-based encryption, a public-key encryption technology that uses a user's identity as a public key. It also defines data structures that can be used to implement the technology. This memo provides information for the Internet community.

This document is a product of the S/MIME Mail Security Working Group of the IETF.

INFORMATIONAL: This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

This announcement is sent to the IETF-Announce and rfc-dist lists. To subscribe or unsubscribe, see
  http://www.ietf.org/mailman/listinfo/ietf-announce
  http://mailman.rfc-editor.org/mailman/listinfo/rfc-dist

For searching the RFC series, see http://www.rfc-editor.org/rfcsearch.html.
For downloading RFCs, see http://www.rfc-editor.org/rfc.html.

Requests for special distribution should be addressed to either the author of the RFC in question, or to rfc-editor@rfc-editor.org. Unless specifically noted otherwise on the RFC itself, all RFCs are for unlimited distribution.

The RFC Editor Team
USC/Information Sciences Institute

From owner-ietf-smime@mail.imc.org Sat Jan 24 22:17:29 2009
Return-Path:
X-Original-To: ietfarch-smime-archive@core3.amsl.com
Delivered-To: ietfarch-smime-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 632B73A68B5 for ; Sat, 24 Jan 2009 22:17:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T-xx0eCuagmD for ; Sat, 24 Jan 2009 22:17:28 -0800 (PST)
Received: from balder-227.proper.com (properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id EF5093A68A4 for ; Sat, 24 Jan 2009 22:17:27 -0800 (PST)
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0P60iPb036696 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sat, 24 Jan 2009 23:00:44 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n0P60iWC036695; Sat, 24 Jan 2009 23:00:44 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f
Received: from rv-out-0708.google.com (rv-out-0708.google.com [209.85.198.245]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0P60Xuw036689 for ; Sat, 24 Jan 2009 23:00:44 -0700 (MST) (envelope-from blaker@gmail.com)
Received: by rv-out-0708.google.com with SMTP id c5so6259782rvf.34 for ; Sat, 24 Jan 2009 22:00:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
        h=domainkey-signature:mime-version:received:date:message-id:subject
        :from:to:content-type:content-transfer-encoding;
        bh=5K2G+l5Ki+ktBe9o8DlACCdSLTZng7hRPubu62ZKvME=;
        b=h3G7ZeyGmXrIctSPEfVq/+jVcazJCrci0bN9flZVFBZEuB8V3fnnelUFEPa/Fz6CrF
        MwJ2Tmt9cvIVMBMJm308WdljrDi3k/avGehhfAIAVQE0M0N7j8doBh+1TGUQFvs3ML+s
        H1rZsXzUQMDrCOeqAUE1rEnei/TzV83L75+zs=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
        h=mime-version:date:message-id:subject:from:to:content-type
        :content-transfer-encoding;
        b=vdfMPTH3dlQAWS54K1+tHh8G1hhizwb7GymS9zs/5N4PQcVFsQQaY3hlKZ43P8I9Vj
        5U1v55XV77WhADst8ox3XqpYIVHPd0vehNdnxJRg5DWyR33uGha5lg7TkwTrLBTsrOJM
        +zB3Chp2E+nNdD6cRxzXzeES99Mksgi2Jc9K4=
MIME-Version: 1.0
Received: by 10.141.52.5 with SMTP id e5mr1971495rvk.55.1232863233286; Sat, 24 Jan 2009 22:00:33 -0800 (PST)
Date: Sat, 24 Jan 2009 22:00:33 -0800
Message-ID: <985966520901242200w1c2d783aybfcac2de8fb6c155@mail.gmail.com>
Subject: WG Last Call: draft-ietf-smime-new-asn1-02
From: Blake Ramsdell
To: ietf-smime@imc.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive:
List-ID:
List-Unsubscribe:

This message initiates an SMIME Working Group Last Call on the document:

        Title     : New ASN.1 Modules for CMS and S/MIME
        Author(s) : P. Hoffman, J. Schaad
        Filename  : draft-ietf-smime-new-asn1-02.txt
        Pages     : 61
        Date      : 2009-01-09

The Cryptographic Message Syntax (CMS) format, and many associated formats, are expressed using ASN.1. The current ASN.1 modules conform to the 1988 version of ASN.1. This document updates those ASN.1 modules to conform to the 2002 version of ASN.1. There are no bits-on-the-wire changes to any of the formats; this is simply a change to the syntax.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-smime-new-asn1-02.txt

The purpose of this WG Last Call is to ensure that the Working Group has achieved consensus that the document is suitable for publication as a Standards Track RFC. Please review the document for both technical and editorial problems. Technical issues should be discussed on this list. Editorial issues may be sent to the document editor.

The Last Call period will end on 30 January 2009.

Upon completion of the last call, the WG chairs will take action based upon the consensus of the WG. Possible actions include:

  1) recommending to the IETF Security Area Directors that the document, after possible editorial or other minor changes, be considered by the IESG for publication as an Informational RFC (which generally involves an IETF-wide Last Call); or

  2) requiring that outstanding issues be adequately addressed prior to further action (including, possibly, another WG Last Call).

Remember that it is our responsibility as Working Group members to ensure the quality of our documents and of the Internet Standards process. So, please read and comment!

Blake
--
Blake Ramsdell | http://www.blakeramsdell.com

From Suggsgzdlgekiwq@capecodwellness.com Sun Jan 25 22:32:20 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 898EC3A682B for ; Sun, 25 Jan 2009 22:32:20 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 4.361 X-Spam-Level: **** X-Spam-Status: No, score=4.361 tagged_above=-999 required=5 tests=[BAYES_50=0.001, FROM_LOCAL_NOVOWEL=0.5, INVALID_MSGID=1.9, RCVD_IN_BL_SPAMCOP_NET=1.96] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hsXnFtG3T9SU for ; Sun, 25 Jan 2009 22:32:19 -0800 (PST) Received: from mail2.utlonline.co.ug (smtp.utlonline.co.ug [196.0.3.20]) by core3.amsl.com (Postfix) with ESMTP id 05BEB3A6801 for ; Sun, 25 Jan 2009 22:32:16 -0800 (PST) Received: (qmail 1280 invoked by uid 509); 26 Jan 2009 09:30:42 +0300 Received: from 81.199.19.18 by mail2.utlonline.co.ug (envelope-from , uid 508) with qmail-scanner-1.25-st-qms (clamdscan: 0.94/8376. spamassassin: 3.0.2. perlscan: 1.25-st-qms. Clear:RC:1(81.199.19.18):. 
Processed in 0.12063 secs); 26 Jan 2009 06:30:42 -0000 X-Antivirus-MYDOMAIN-Mail-From: suggsgzdlgekiwq@capecodwellness.com via mail2.utlonline.co.ug X-Antivirus-MYDOMAIN: 1.25-st-qms (Clear:RC:1(81.199.19.18):. Processed in 0.12063 secs Process 1270) Received: from mail.sbs.co.ug (HELO notes.SBS.CO.UG) (81.199.19.18) by mail2.utlonline.co.ug with SMTP; 26 Jan 2009 09:30:41 +0300 Received: from DM ([58.242.151.204]) by notes.SBS.CO.UG (Lotus Domino Release 6.5.1) with SMTP id 2009012609213335-27286 ; Mon, 26 Jan 2009 09:21:33 +0300 Received: from kuhn-capo.trachtenberg.com (HELO Delldim5150) ([81.199.19.18]) by seamstress-aeneas.trachtenberg.com with ESMTP; Mon, 26 Jan 2009 12:30:57 +0600 Date: Mon, 26 Jan 2009 01:24:57 -0500 From: "Francisca expend" To: emcfall@kcremax.net Cc: smime-archive@odin.ietf.org, portal@girls.com.br, maths@bham.ac.uk, fwegnu@zmail.net, tandong12345678@tom.com, manuela.gspurning@gourmetreise.de, tfryxumda@mail.com, hujnigs@hotmail.com Subject: Database of endocrinologists and many more specialties Message-ID: <107979w4vyn0$d3016mx0$2035w8s0@Delldim5150 MIME-Version: 1.0 Priority: normal X-MIMETrack: Itemize by SMTP Server on sbs_notes/sbs(Release 6.5.1|January 21, 2004) at 01/26/2009 09:21:35 AM, Serialize by Router on sbs_notes/sbs(Release 6.5.1|January 21, 2004) at 01/26/2009 09:21:57 AM, Serialize complete at 01/26/2009 09:21:57 AM Content-type: text/plain; charset=US-ASCII Current MDs in America 788,707 in total <> 17,899 emails Many popular specialties like Emergency Medicine, Plastic Surgery, OBGYN, Oncology, Pediatrics and more 16 different sortable fields Price for new customers - $391 *** ITEMS BELOW ARE INCLUDED IN THE DEAL AT NO EXTRA COST *** **> Directory of US Pharma Companies Names and email addresses of 47,000 employees in high-ranking positions **> Hospital Facilities in the USA Full data for all the major positions in more than 7k facilities **> US Dentist Database Practically every dentist in the USA is listed here **> 
American Chiropractors Database Over than 100k chiropractors practicing in the US email to: Madison@listamaze.com this offer is only valid until January 30 2009 to stop this email in future email us at discontinue@listamaze.com From chas@helix.ukf.net Sun Jan 25 23:54:49 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CEBA228C193; Sun, 25 Jan 2009 23:54:49 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -66.694 X-Spam-Level: X-Spam-Status: No, score=-66.694 tagged_above=-999 required=5 tests=[BAYES_99=3.5, FH_HELO_EQ_D_D_D_D=1.597, HELO_MISMATCH_COM=0.553, RCVD_IN_PBL=0.905, RCVD_IN_XBL=3.033, TVD_RCVD_IP=1.931, URIBL_BLACK=20, URIBL_PH_SURBL=1.787, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rITtqsvhV1Jo; Sun, 25 Jan 2009 23:54:49 -0800 (PST) Received: from 212-95-32-105.internetserviceteam.com (dxb-as37877.alshamil.net.ae [217.165.26.31]) by core3.amsl.com (Postfix) with SMTP id 8119E28C187; Sun, 25 Jan 2009 23:54:28 -0800 (PST) X-Originating-IP: 144.42.64.141 by smtp.212.95.32.105; Mon, 26 Jan 2009 07:54:06 +0100 Message-ID: Subject: Affordable rep watches Date: Mon, 26 Jan 2009 01:54:06 -0500 From: "Tara Hartley" To: "Jeannette Cole" Content-Type: text/plain; Content-Transfer-Encoding: 7bit Dear Jeannette, If you've waited to get your Omega watch, this is the right time to go for it. http://kthomps1luka.rack111.com (please click on the link after "Go directly to ") Take an extra 15% off your purchase during month of January (2009). http://kthomps1luka.rack111.com (please click on the link after "Go directly to ") Our Omega watches have Weights/feels and looks exactly same as original. 
Sincerely, Mr Cole From smimickdd@uhc.com Mon Jan 26 03:44:31 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DFD3C3A6B42 for ; Mon, 26 Jan 2009 03:44:31 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -37.559 X-Spam-Level: X-Spam-Status: No, score=-37.559 tagged_above=-999 required=5 tests=[BAYES_60=1, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, GB_I_LETTER=-2, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, HTML_EXTRA_CLOSE=2.809, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, HTML_SHORT_LINK_IMG_3=0.001, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E4_51_100=1.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877, RCVD_IN_XBL=3.033, RDNS_DYNAMIC=0.1, SARE_RECV_IP_061228=0.895, SARE_RECV_SPAM_DOMN0b=1.666, SARE_UNI=0.591, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_RHS_DOB=1.083, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wraiPFZWrM3x for ; Mon, 26 Jan 2009 03:44:25 -0800 (PST) Received: from amerblind.outbound.ed10.com (61-229-221-117.dynamic.hinet.net [61.229.221.117]) by core3.amsl.com (Postfix) with SMTP id 991193A6AFF for ; Mon, 26 Jan 2009 03:44:23 -0800 (PST) Content-Return: allowed X-Mailer: devMail.Net (3.0.1854.22234-2) Received: (qmail 6266 by uid 693); Mon, 26 Jan 2009 07:48:25 +0800 Message-Id: <20090126154825.6268.qmail@amerblind.outbound.ed10.com> To: smime-archive@megatron.ietf.org Subject: RE: Message From: smime-archive@megatron.ietf.org MIME-Version: 1.0 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: 7bit Date: Mon, 26 Jan 2009 03:44:23 -0800 (PST)
Click Here!
From lihb@19.cn Mon Jan 26 05:41:29 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B638728C1BF for ; Mon, 26 Jan 2009 05:41:29 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.042 X-Spam-Level: X-Spam-Status: No, score=-3.042 tagged_above=-999 required=5 tests=[BAYES_99=3.5, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FM_DDDD_TIMES_2=1.999, HELO_DYNAMIC_IPADDR=2.426, HELO_EQ_PL=1.135, HOST_EQ_PL=1.95, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E4_51_100=1.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877, RCVD_IN_XBL=3.033, RDNS_DYNAMIC=0.1, SARE_UNI=0.591, SUBJ_YOUR_DEBT=2.622, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_OB_SURBL=10, URIBL_SC_SURBL=10, URIBL_WS_SURBL=10, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qXDEnEAzLc7F for ; Mon, 26 Jan 2009 05:41:29 -0800 (PST) Received: from dynamic-78-8-113-198.ssp.dialog.net.pl (dynamic-78-8-113-198.ssp.dialog.net.pl [78.8.113.198]) by core3.amsl.com (Postfix) with SMTP id 0A7F23A6A70 for ; Mon, 26 Jan 2009 05:41:22 -0800 (PST) To: Subject: RE: 7 days to save your credit From: MIME-Version: 1.0 Importance: High Content-Type: text/html Message-Id: <20090126134123.0A7F23A6A70@core3.amsl.com> Date: Mon, 26 Jan 2009 05:41:22 -0800 (PST)
Tell a friend · Download latest version See this email as a webpage

Hello smime-archive

Shipped Privately And Discreetly To Your Door!

See this email as a webpage
  We want to put a great big grin on your face in 2009. You'll be to rejoice all year.  

Unsubscribe · Lost Password · Account Settings · Help · Terms of Service · Privacy

© 2003-2009 SASI Limited. SASi Communications S.a.r.l., 22/24 Green St, Amsterdam L0309.

SASi, SASiIn, SASiOut, SASicasts, SASi Certified, SASiMe!, SASi Pro, SASiFind, SASi Prime, SASi To Go, associated logos and the ‘S’-symbol are trademarks of SASi Limited.

From melendeza@advancedmp.com Mon Jan 26 06:10:58 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5E23628C22C for ; Mon, 26 Jan 2009 06:10:58 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -12.224 X-Spam-Level: X-Spam-Status: No, score=-12.224 tagged_above=-999 required=5 tests=[BAYES_99=3.5, DNS_FROM_OPENWHOIS=1.13, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E4_51_100=1.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_XBL=3.033, RDNS_NONE=0.1, SARE_UNI=0.591, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_OB_SURBL=10, URIBL_SC_SURBL=10, URIBL_WS_SURBL=10, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y1qHTR5mHDqh for ; Mon, 26 Jan 2009 06:10:55 -0800 (PST) Received: from abs-kc.com (unknown [89.35.63.62]) by core3.amsl.com (Postfix) with SMTP id 6B02D28C204 for ; Mon, 26 Jan 2009 06:10:53 -0800 (PST) To: Subject: Message from InterScan Messaging Security Suit From: MIME-Version: 1.0 Importance: High Content-Type: text/html Message-Id: <20090126141054.6B02D28C204@core3.amsl.com> Date: Mon, 26 Jan 2009 06:10:53 -0800 (PST)
Tell a friend · Download latest version See this email as a webpage

Hello smime-archive

Shipped Privately And Discreetly To Your Door!

See this email as a webpage
  We want to put a great big grin on your face in 2009. You'll be to rejoice all year.  

Unsubscribe · Lost Password · Account Settings · Help · Terms of Service · Privacy

© 2003-2009 SASI Limited. SASi Communications S.a.r.l., 22/24 Green St, Amsterdam L4250.

SASi, SASiIn, SASiOut, SASicasts, SASi Certified, SASiMe!, SASi Pro, SASiFind, SASi Prime, SASi To Go, associated logos and the ‘S’-symbol are trademarks of SASi Limited.

From lambertj@aerosur.com Mon Jan 26 06:47:30 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DA92A3A6BBF for ; Mon, 26 Jan 2009 06:47:30 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -9.919 X-Spam-Level: X-Spam-Status: No, score=-9.919 tagged_above=-999 required=5 tests=[BAYES_99=3.5, GB_I_LETTER=-2, HELO_EQ_JP=1.244, HELO_EQ_NE_JP=1.244, HOST_EQ_JP=1.265, HOST_EQ_NE_JP=2.599, HTML_IMAGE_ONLY_32=1.778, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E4_51_100=1.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_XBL=3.033, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_OB_SURBL=10, URIBL_SC_SURBL=10, URIBL_WS_SURBL=10, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EITrlILutfbt for ; Mon, 26 Jan 2009 06:47:29 -0800 (PST) Received: from user33154.gctv.ne.jp (user33154.gctv.ne.jp [202.168.222.154]) by core3.amsl.com (Postfix) with SMTP id 6F80F3A6A82 for ; Mon, 26 Jan 2009 06:47:22 -0800 (PST) To: Subject: PayPal - Email Handling Opinion Needed From: MIME-Version: 1.0 Importance: High Content-Type: text/html Message-Id: <20090126144725.6F80F3A6A82@core3.amsl.com> Date: Mon, 26 Jan 2009 06:47:22 -0800 (PST)
We ship Worldwide! To all countries! To all destinations!
Cant see a picture? Click Here!

To unsubscribe from this mailing list, please log in to www.whiledraw.com, click on "My Account", click "Update" to edit your registration details and uncheck the "Receive Newsletter?" check box.
Or unsubscribe at http://whiledraw.com/faq.php

Privacy Statement | Terms & Conditions | Contact

ALFAWORD Ltd.
Tower Bridge Business Complex. Unit 6, B299. 669 Clements Road. London. SE43 5DG

© 2006-2008 ALFAWORD, Ltd. All Rights Reserved

From owner-ietf-smime@mail.imc.org Mon Jan 26 13:00:28 2009
Message-ID: <497E21AF.7010602@ieca.com>
Date: Mon, 26 Jan 2009 15:48:47 -0500
From: Sean Turner
MIME-Version: 1.0
To: ietf-smime@imc.org
Subject: CMS Questionnaire
Content-Type: multipart/mixed; boundary="------------060909090602040808030106"

This is a multi-part message in MIME format.
--------------060909090602040808030106
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Russ and Tim have challenged me to try to advance CMS to Draft Standard using the process in BCP 97 to deal with the dependencies that have not yet advanced (or aren't advancing). To that end, I've drawn up the following questionnaire that I'd like implementers to complete and return to me. What we're shooting for is to find two implementations that generate messages for each feature, and two implementations that process each feature. We don't think it should matter if the same two implementations are used in both stages.

Thanks in advance,

spt

--------------060909090602040808030106
Content-Type: text/plain; name="cms-questionnaire.txt"
Content-Transfer-Encoding: base64
Content-Disposition: inline; filename="cms-questionnaire.txt"

--------------060909090602040808030106--

From owner-ietf-smime@mail.imc.org Mon Jan 26 19:49:12 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 826FC3A6822 for ; Mon, 26 Jan 2009 19:49:12 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.506 X-Spam-Level: X-Spam-Status: No, score=-4.506 tagged_above=-999 required=5 tests=[AWL=-0.907, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CfErc5hQHjcF for ; Mon, 26 Jan 2009 19:49:11 -0800 (PST) Received: from balder-227.proper.com (properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id 3A9013A6851 for ; Mon, 26 Jan 2009 19:49:10 -0800 (PST) Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0R3MT0t048596 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 26 Jan 2009 20:22:29 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n0R3MTbB048595; Mon, 26 Jan 2009 20:22:29 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from mailhost.auckland.ac.nz (curly.its.auckland.ac.nz [130.216.12.33]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0R3MIA8048570 for ; Mon, 26 Jan 2009 20:22:29 -0700 (MST) (envelope-from pgut001@cs.auckland.ac.nz) Received: from localhost (localhost.localdomain [127.0.0.1]) by mailhost.auckland.ac.nz (Postfix) with ESMTP id 979D29E347; Tue, 27 Jan 2009 16:22:16 +1300 (NZDT) X-Virus-Scanned: by amavisd-new at mailhost.auckland.ac.nz Received: from 
mailhost.auckland.ac.nz ([127.0.0.1]) by localhost (curly.its.auckland.ac.nz [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5V4ozRoLrSsy; Tue, 27 Jan 2009 16:22:16 +1300 (NZDT) Received: from iris.cs.auckland.ac.nz (iris.cs.auckland.ac.nz [130.216.33.152]) by mailhost.auckland.ac.nz (Postfix) with ESMTP id 09D9E9E296; Tue, 27 Jan 2009 16:22:11 +1300 (NZDT) Received: from wintermute01.cs.auckland.ac.nz (wintermute01.cs.auckland.ac.nz [130.216.34.38]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by iris.cs.auckland.ac.nz (Postfix) with ESMTP id 752F11AE4003; Tue, 27 Jan 2009 16:22:10 +1300 (NZDT) Received: from pgut001 by wintermute01.cs.auckland.ac.nz with local (Exim 4.63) (envelope-from ) id 1LReWg-0007XA-Df; Tue, 27 Jan 2009 16:22:10 +1300 From: pgut001@cs.auckland.ac.nz (Peter Gutmann) To: ietf-smime@imc.org, turners@ieca.com Subject: Re: CMS Questionnaire In-Reply-To: <497E21AF.7010602@ieca.com> Message-Id: Date: Tue, 27 Jan 2009 16:22:10 +1300 Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: Sean Turner writes: >Russ and Tim have challenged me to try to advance CMS to Draft Standard >using the process in BCP 97 to deal with the dependencies that have not >yet advanced (or aren't advancing). To that end, I've drawn up the >following questionnaire that I'd like implementers to complete and >return to me. What we're shooting for is to find two implementations >that generate messages for each feature, and two implementations that >process each feature. We don't think it should matter if the same two >implementations are used in both stages. Are you just after straight yes-or-no answers, or are you interested in metadata as well? 
By metadata I mean things like "I probably support method XYZ but since I've never found anything else that does to test against I can't guarantee that it's correct", or "I've implemented XYZ but since no user has ever asked for it it's never been tested". It may be useful to get (or at least I'd be very interested in seeing) data on what's actually being used in the real world. Motivated by the history of RFC 4134, I'd also prefer to be able to qualify a claim of "I support XYZ" with further details if there's never been any opportunity to test whether it's actually implemented as required (in other words to differentiate "I'm pretty sure I support XYZ" vs. "I definitely support XYZ and have interoperated with others using it"). Peter. From lakea@akamai.com Tue Jan 27 00:21:28 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 59A513A6B16 for ; Tue, 27 Jan 2009 00:21:28 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -12.652 X-Spam-Level: X-Spam-Status: No, score=-12.652 tagged_above=-999 required=5 tests=[BAYES_99=3.5, FH_RELAY_NODNS=1.451, HELO_EQ_SE=0.35, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E4_51_100=1.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877, RCVD_IN_XBL=3.033, RDNS_NONE=0.1, SARE_UNI=0.591, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_OB_SURBL=10, URIBL_RHS_DOB=1.083, URIBL_SC_SURBL=10, URIBL_WS_SURBL=10, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kQqVwlOiR1VC for ; Tue, 27 Jan 2009 00:21:27 -0800 (PST) Received: from alphyra.se (unknown [122.162.112.44]) by core3.amsl.com (Postfix) with SMTP id 999B63A6B1B for ; Tue, 27 Jan 2009 00:21:18 
-0800 (PST) To: Subject: Support Ticket: 361962 - Created From: MIME-Version: 1.0 Importance: High Content-Type: text/html Message-Id: <20090127082119.999B63A6B1B@core3.amsl.com> Date: Tue, 27 Jan 2009 00:21:18 -0800 (PST)
Tell a friend · Download latest version See this email as a webpage

Hello smime-archive

Shipped Privately And Discreetly To Your Door!

See this email as a webpage
  We want to put a great big grin on your face in 2009. You'll be to rejoice all year.  


From owner-ietf-smime@mail.imc.org Tue Jan 27 07:35:10 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 71F6C3A6B32 for ; Tue, 27 Jan 2009 07:35:10 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.416 X-Spam-Level: X-Spam-Status: No, score=-2.416 tagged_above=-999 required=5 tests=[AWL=0.183, BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gRi6IbYwIZYv for ; Tue, 27 Jan 2009 07:35:09 -0800 (PST) Received: from balder-227.proper.com (properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id 3C4543A6B35 for ; Tue, 27 Jan 2009 07:35:09 -0800 (PST) Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0RFLh5b082579 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 27 Jan 2009 08:21:43 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n0RFLhjn082578; Tue, 27 Jan 2009 08:21:43 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from smtp104.biz.mail.re2.yahoo.com (smtp104.biz.mail.re2.yahoo.com [206.190.52.173]) by balder-227.proper.com (8.14.2/8.14.2) with SMTP id n0RFLV3q082566 for ; Tue, 27 Jan 2009 08:21:42 -0700 (MST) (envelope-from turners@ieca.com) Received: (qmail 33171 invoked from network); 27 Jan 2009 15:21:31 -0000 Received: from unknown (HELO ?192.168.1.2?) 
(turners@96.241.98.100 with plain) by smtp104.biz.mail.re2.yahoo.com with SMTP; 27 Jan 2009 15:21:30 -0000 X-YMail-OSG: 1ysCHigVM1lGaecx2imusUsukZ.7d5lks.sVAwwL3tofn9lFxxp2jZE2qkYgmXhwUBiTEdsmlOKGPbvVdo0c7_aWkMhdqocORnJjmpoISojixfhLQpMc_exIdqo7aVIY14HGuZE8.44CRBmUw_cTk6iXUcIzLtCfK5EnzI9Wz0KEMq2sFbLgmh7JmWGeaDD3_oun.6BOgvYqUeP.WY_AiyGHxJ_k X-Yahoo-Newman-Property: ymail-3 Message-ID: <497F2694.5080508@ieca.com> Date: Tue, 27 Jan 2009 10:21:56 -0500 From: Sean Turner User-Agent: Thunderbird 2.0.0.19 (Windows/20081209) MIME-Version: 1.0 To: Peter Gutmann CC: ietf-smime@imc.org Subject: Re: CMS Questionnaire References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: Peter Gutmann wrote: > Sean Turner writes: > >> Russ and Tim have challenged me to try to advance CMS to Draft Standard >> using the process in BCP 97 to deal with the dependencies that have not >> yet advanced (or aren't advancing). To that end, I've drawn up the >> following questionnaire that I'd like implementers to complete and >> return to me. What we're shooting for is to find two implementations >> that generate messages for each feature, and two implementations that >> process each feature. We don't think it should matter if the same two >> implementations are used in both stages. > > Are you just after straight yes-or-no answers, or are you interested in > metadata as well? By metadata I mean things like "I probably support method > XYZ but since I've never found anything else that does to test against I can't > guarantee that it's correct", or "I've implemented XYZ but since no user has > ever asked for it it's never been tested". It may be useful to get (or at > least I'd be very interested in seeing) data on what's actually being used in > the real world. 
Motivated by the history of RFC 4134, I'd also prefer to be > able to qualify a claim of "I support XYZ" with further details if there's > never been any opportunity to test whether it's actually implemented as > required (in other words to differentiate "I'm pretty sure I support XYZ" vs. > "I definitely support XYZ and have interoperated with others using it"). I'm definitely interested in metadata. spt From owner-ietf-smime@mail.imc.org Tue Jan 27 13:36:28 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A98C328C0CE for ; Tue, 27 Jan 2009 13:36:28 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.593 X-Spam-Level: X-Spam-Status: No, score=-2.593 tagged_above=-999 required=5 tests=[AWL=0.006, BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k6O0tG4BjHcl for ; Tue, 27 Jan 2009 13:36:28 -0800 (PST) Received: from balder-227.proper.com (properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id A8E233A6A57 for ; Tue, 27 Jan 2009 13:36:27 -0800 (PST) Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0RLN9A3002892 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 27 Jan 2009 14:23:09 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n0RLN9Dv002891; Tue, 27 Jan 2009 14:23:09 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from [10.20.30.163] (dsl-63-249-108-169.cruzio.com [63.249.108.169]) (authenticated bits=0) 
by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0RLN7bH002878 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 27 Jan 2009 14:23:08 -0700 (MST) (envelope-from paul.hoffman@vpnc.org) Mime-Version: 1.0 Message-Id: In-Reply-To: <200901271625.RAA12336@TR-Sys.de> References: <200901271625.RAA12336@TR-Sys.de> Date: Tue, 27 Jan 2009 13:23:05 -0800 To: ietf-pkix@imc.org, ietf-smime@imc.org From: Paul Hoffman Subject: Re: New modules drafts -- proposed ASN.1 downgrade tutorial Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: In thinking about this a bit more: - I agree with Alfred that it should be a separate document that covers all ASN.1 modules in (at least) the Security Area of the IETF. - It is not needed if the eventual PKIX and S/MIME documents are Informational RFCs instead of Standards Track. - Future document authors can pick whether they want to do their modules in 2002 or 1988 and the WGs can decide if they like the decision that the authors made. Given that, I propose that someone other than Jim and I start such a "downgrade tutorial". I volunteer to review it, and I'm sure that some of the modules from Jim and my documents would be good fodder for examples in the new document. 
--Paul Hoffman, Director --VPN Consortium From aj@autojorgen.dk Wed Jan 28 01:10:21 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D8B5B28C0FA; Wed, 28 Jan 2009 01:10:21 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -52.755 X-Spam-Level: X-Spam-Status: No, score=-52.755 tagged_above=-999 required=5 tests=[BAYES_60=1, FH_HOST_EQ_D_D_D_D=0.765, HELO_MISMATCH_NET=0.611, HOST_EQ_JP=1.265, HOST_EQ_NE_JP=2.599, RCVD_IN_PBL=0.905, RDNS_DYNAMIC=0.1, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_OB_SURBL=10, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KIFcmCcH9-40; Wed, 28 Jan 2009 01:10:13 -0800 (PST) Received: from CUSTOMER.VPLS.NET (EM114-51-1-189.pool.e-mobile.ne.jp [114.51.1.189]) by core3.amsl.com (Postfix) with SMTP id 06CDA28C1FE; Wed, 28 Jan 2009 01:10:03 -0800 (PST) X-Originating-IP: 118.47.16.80 by smtp.58.211.69.152; Wed, 28 Jan 2009 02:02:40 -0700 Message-ID: Subject: Bvlgari watches wholesale all year long! Date: Wed, 28 Jan 2009 04:09:40 -0500 From: "Stacey Wyatt" To: "Ina Rubio" Content-Type: text/plain; Content-Transfer-Encoding: 7bit Dear Ina, Looking for a Gucci watch that no one can tell from the original? You're in luck, because we have the best copies http://seamensasaka.freehostguy.com Take advantage of our winter specials and get yourself Gucci watch that you've always wanted! http://seamensasaka.freehostguy.com Our Gucci watches have perfect weight and feel same as orginal. 
Sincerely, Mr Rubio From vdc@habchal.com.kw Wed Jan 28 01:11:57 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1D3DE28C0FA; Wed, 28 Jan 2009 01:11:57 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -71.9 X-Spam-Level: X-Spam-Status: No, score=-71.9 tagged_above=-999 required=5 tests=[BAYES_80=2, FH_RELAY_NODNS=1.451, HELO_MISMATCH_NET=0.611, RCVD_IN_PBL=0.905, RCVD_IN_XBL=3.033, RDNS_NONE=0.1, URIBL_BLACK=20, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GlKZyP3lElGM; Wed, 28 Jan 2009 01:11:56 -0800 (PST) Received: from CUSTOMER.VPLS.NET (unknown [212.156.208.222]) by core3.amsl.com (Postfix) with SMTP id C915D28C120; Wed, 28 Jan 2009 01:11:23 -0800 (PST) X-Originating-IP: 72.115.69.197 by smtp.52.116.212.234; Wed, 28 Jan 2009 15:05:04 +0600 Message-ID: Subject: Affordable rep watches Date: Wed, 28 Jan 2009 04:11:04 -0500 From: "Chris Talbot" To: "Kathryn Guerra" Content-Type: text/plain; Content-Transfer-Encoding: 7bit Dear Kathryn, New Year is the time to get Tag Heuer watch, and the only place to get top notch watches that look and perform exactly like the originals is http://kmjohnson8buwu.freewhost.com Take advantage of our winter specials and get yourself Tag Heuer watch that you've always wanted! http://kmjohnson8buwu.freewhost.com Our Tag Heuer watches have all appropriate markings, wordings and engravings same as orginal. 
Sincerely, Mr Guerra From owner-ietf-smime@mail.imc.org Wed Jan 28 06:51:33 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id ED25D3A68B1 for ; Wed, 28 Jan 2009 06:51:33 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.202 X-Spam-Level: X-Spam-Status: No, score=-2.202 tagged_above=-999 required=5 tests=[AWL=-0.733, BAYES_00=-2.599, DNS_FROM_OPENWHOIS=1.13] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WXR2MAxrl1WG for ; Wed, 28 Jan 2009 06:51:33 -0800 (PST) Received: from balder-227.proper.com (properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id D764A3A67D4 for ; Wed, 28 Jan 2009 06:51:32 -0800 (PST) Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0SEZWZv050545 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 28 Jan 2009 07:35:33 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n0SEZWpN050543; Wed, 28 Jan 2009 07:35:32 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from scygmxsecs1.cygnacom.com (scygmxsecs1.cygnacom.com [65.242.48.253]) by balder-227.proper.com (8.14.2/8.14.2) with SMTP id n0SEZLZI050509 for ; Wed, 28 Jan 2009 07:35:32 -0700 (MST) (envelope-from CWallace@cygnacom.com) Received: (qmail 16178 invoked from network); 28 Jan 2009 14:35:48 -0000 Received: from CWallace@cygnacom.com by scygmxsecs1.cygnacom.com with EntrustECS-Server-7.4;28 Jan 2009 14:35:48 -0000 Received: from unknown (HELO 
scygexch1.cygnacom.com) (10.60.50.8) by scygmxsecs1.cygnacom.com with SMTP; 28 Jan 2009 14:35:47 -0000 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-MimeOLE: Produced By Microsoft Exchange V6.5 Subject: RE: New modules drafts -- proposed ASN.1 downgrade tutorial Date: Wed, 28 Jan 2009 09:35:19 -0500 Message-ID: In-Reply-To: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: New modules drafts -- proposed ASN.1 downgrade tutorial Thread-Index: AcmAxppGlKJqWvTHTp+ETJLuMDPqMwAjbhRg References: <200901271625.RAA12336@TR-Sys.de> From: "Carl Wallace" To: "Paul Hoffman" , , Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: I volunteer to help write the document. A few comments below. > -----Original Message----- > From: owner-ietf-smime@mail.imc.org=20 > [mailto:owner-ietf-smime@mail.imc.org] On Behalf Of Paul Hoffman > Sent: Tuesday, January 27, 2009 4:23 PM > To: ietf-pkix@imc.org; ietf-smime@imc.org > Subject: Re: New modules drafts -- proposed ASN.1 downgrade tutorial >=20 >=20 > In thinking about this a bit more: >=20 > - I agree with Alfred that it should be a separate document=20 > that covers all ASN.1 modules in (at least) the Security Area=20 > of the IETF. Do you in mind a draft that provides guidance on how to convert 2002 syntax into equivalent 1988 syntax or a document that includes 88 syntax for all security area drafts? The former seems worthwhile, I'm not sure about the latter.=20 =20 > - It is not needed if the eventual PKIX and S/MIME documents=20 > are Informational RFCs instead of Standards Track. >=20 > - Future document authors can pick whether they want to do=20 > their modules in 2002 or 1988 and the WGs can decide if they=20 > like the decision that the authors made. Allowance of 88 syntax may make an "upgrade tutorial" component of the draft nice too. 
=20 > Given that, I propose that someone other than Jim and I start=20 > such a "downgrade tutorial". I volunteer to review it, and=20 > I'm sure that some of the modules from Jim and my documents=20 > would be good fodder for examples in the new document. >=20 > --Paul Hoffman, Director > --VPN Consortium >=20 >=20 From owner-ietf-smime@mail.imc.org Wed Jan 28 09:27:21 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C0D4628C113 for ; Wed, 28 Jan 2009 09:27:21 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.593 X-Spam-Level: X-Spam-Status: No, score=-2.593 tagged_above=-999 required=5 tests=[AWL=0.006, BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LavySnjijuub for ; Wed, 28 Jan 2009 09:27:21 -0800 (PST) Received: from balder-227.proper.com (properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id 961C43A6829 for ; Wed, 28 Jan 2009 09:27:20 -0800 (PST) Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0SHE4Gd059483 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 28 Jan 2009 10:14:04 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n0SHE4ku059481; Wed, 28 Jan 2009 10:14:04 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from [10.20.30.158] (dsl-63-249-108-169.cruzio.com [63.249.108.169]) (authenticated bits=0) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0SHE0cn059467 (version=TLSv1/SSLv3 
cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 28 Jan 2009 10:14:01 -0700 (MST) (envelope-from paul.hoffman@vpnc.org) Mime-Version: 1.0 Message-Id: In-Reply-To: References: <200901271625.RAA12336@TR-Sys.de> Date: Wed, 28 Jan 2009 09:13:58 -0800 To: "Carl Wallace" , , From: Paul Hoffman Subject: RE: New modules drafts -- proposed ASN.1 downgrade tutorial Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: At 9:35 AM -0500 1/28/09, Carl Wallace wrote: >I volunteer to help write the document. Thank you! Who wants to help Carl? > > - I agree with Alfred that it should be a separate document >> that covers all ASN.1 modules in (at least) the Security Area >> of the IETF. > >Do you in mind a draft that provides guidance on how to convert 2002 >syntax into equivalent 1988 syntax or a document that includes 88 syntax >for all security area drafts? The former seems worthwhile, I'm not sure >about the latter. Only the former; sorry I wasn't clearer. > > - Future document authors can pick whether they want to do >> their modules in 2002 or 1988 and the WGs can decide if they >> like the decision that the authors made. > >Allowance of 88 syntax may make an "upgrade tutorial" component of the >draft nice too. That would certainly be useful as well. 
--Paul Hoffman, Director --VPN Consortium From crispin.passmore@covlaw.org.uk Wed Jan 28 11:27:50 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4ED9A3A6904; Wed, 28 Jan 2009 11:27:50 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -44.573 X-Spam-Level: X-Spam-Status: No, score=-44.573 tagged_above=-999 required=5 tests=[BAYES_99=3.5, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, HELO_MISMATCH_NET=0.611, HOST_EQ_BR=1.295, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877, RCVD_IN_XBL=3.033, RDNS_DYNAMIC=0.1, SARE_RECV_SPAM_DOMN02=1.666, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_PH_SURBL=1.787, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kFacgfy7KVD1; Wed, 28 Jan 2009 11:27:49 -0800 (PST) Received: from CUSTOMER.VPLS.NET (201-42-215-208.dsl.telesp.net.br [201.42.215.208]) by core3.amsl.com (Postfix) with SMTP id 0724A3A67DF; Wed, 28 Jan 2009 11:27:34 -0800 (PST) Message-ID: <0397O734.8874400smime-archive@megatron.ietf.org> Date: Wed, 28 Jan 2009 14:27:10 -0500 From: "Fernando Conway" To: "Melanie Benson" Subject: Tag Heuer cheaper than you could imagine! Content-Type: text/plain; Content-Transfer-Encoding: 7bit Dear Melanie, New Year is the time to get Jaeger LeCoultre watch, and the only place to get top notch watches that look and perform exactly like the originals is http://tldoggvajo.k2free.com We are offering wholesaler prices on all watches during the month of January 2009. http://tldoggvajo.k2free.com Our Jaeger LeCoultre watches have Weights/feels and looks exactly same as original. 
Sincerely, Mr Benson From owner-ietf-smime@mail.imc.org Wed Jan 28 11:49:29 2009 Return-Path: X-Original-To: ietfarch-smime-archive@core3.amsl.com Delivered-To: ietfarch-smime-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9E6943A67DF for ; Wed, 28 Jan 2009 11:49:29 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 1.888 X-Spam-Level: * X-Spam-Status: No, score=1.888 tagged_above=-999 required=5 tests=[AWL=0.637, BAYES_00=-2.599, CHARSET_FARAWAY_HEADER=3.2, HELO_EQ_DE=0.35, MIME_8BIT_HEADER=0.3] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D5L3lFT9RFQw for ; Wed, 28 Jan 2009 11:49:28 -0800 (PST) Received: from balder-227.proper.com (properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id DC7E53A6904 for ; Wed, 28 Jan 2009 11:49:27 -0800 (PST) Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0SJd7N2065526 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 28 Jan 2009 12:39:07 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n0SJd7eS065525; Wed, 28 Jan 2009 12:39:07 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from WOTAN.TR-Sys.de (gateway.tr-sys.de [213.178.172.147]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0SJcqL4065503; Wed, 28 Jan 2009 12:39:04 -0700 (MST) (envelope-from A.Hoenes@tr-sys.de) Received: from ZEUS.TR-Sys.de by w. 
with ESMTP ($Revision: 1.37.109.26 $/16.3) id AA038221421; Wed, 28 Jan 2009 20:37:01 +0100 Received: (from ah@localhost) by z.TR-Sys.de (8.9.3 (PHNE_25183)/8.7.3) id UAA13854; Wed, 28 Jan 2009 20:37:00 +0100 (MEZ) From: Alfred =?hp-roman8?B?SM5uZXM=?= Message-Id: <200901281937.UAA13854@TR-Sys.de> Subject: Re: New ASN.1 Modules drafts To: paul.hoffman@vpnc.org, jimsch@exmsft.com Date: Wed, 28 Jan 2009 20:36:59 +0100 (MEZ) Cc: ietf-pkix@imc.org, ietf-smime@imc.org X-Mailer: ELM [$Revision: 1.17.214.3 $] Mime-Version: 1.0 Content-Type: text/plain; charset=hp-roman8 Content-Transfer-Encoding: 7bit Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: Paul & Jim, as promised quite some time ago, I have started a review of the New ASN.1 Modules drafts, now that they have arrived at WGLC. Firstly, I want to thank you for this huge effort and the 'orthogonalization' of the naming style performed, which in part might not have been possible before this synoptical re-working of many less coordinated previous efforts. In order to speed things up and keep message lengths bounded, I'll report my detailed findings in successive pieces, as soon as time avails. (0) I have derived from the PKIX list discussion that both drafts need additional language in their 'executive level text' to better motivate the long-term switch to the new ASN.1, and hence the aim for Standards Track, which I strongly support. There would indeed be no reason for Standards Track if the single benefit of the whole effort only would be "simply a change to the syntax". It already has been pointed out that the major benefit is the formatization of a significant amount of syntactical information that in the 1988 ASN.1 could only be represented *informally* as ASN.1 comments, or in explanations in the prose -- most notably the mess with unspecified sets of allowed OIDs and dependent objects with 'ANY' syntax (e.g. algorithm parameters). 
We all need to get acquainted with the 'new ASN.1', but I expect that the long-term benefits in precision will far outweigh the necessary one-time effort. As some kind of 'draft marketing', the benefits of migrating to the new syntax should be emphasized at first place, in the Abstract and in the leading paragraph(s) of Section 1, in both drafts. Below are a few nits and comments for the (almost) common parts of both drafts. More TBD. For brevity, I'll denote the two drafts, draft-ietf-pkix-new-asn1-02 and draft-ietf-smime-new-asn1-02, by "PKIX draft" and "CMS draft", respectively. (1) Section 1, paragraphs below the bullets -- typo (both drafts) The following typo occurs 3x : - in the two last paragraphs in the PKIX draft, and - in the penultimate para in the CMS draft. s/defintions/definitions/ ^^ ^^^ (2) Section 1.2.1 (both drafts) Let's take the authoritarian way. The figures in the OIDs are not worth of lenghty discussions. Russ Housley, the maintainer of http://www.imc.org/ietf-pkix/pkix-oid.asn seems to be the canonical trusted 3rd party to do this. :-) (3) PKIX-CommonTypes module ( PKIX draft, Section 2 ) (Linear walk-through) (3a) typo -- ATTRIBUTE -- | -- Describe the set of data assoicate with an attribute of some type. --- ^^^^^^ -- ATTRIBUTE -- | -- Describe the set of data associated with an attribute of some type. ^^^^^^^ (3b) punctuation Better use a semicolon -- full sentence follows: v | -- &Type is the ASN.1 type structure for the attribute, not all -- attributes have a data struture, so this field is optional --- v | -- &Type is the ASN.1 type structure for the attribute; not all -- attributes have a data struture, so this field is optional (3c) typo v | -- &minCount contains the mininum number of time the attribute can -- occur in an AttributeSet --- v | -- &minCount contains the minimum number of time the attribute can -- occur in an AttributeSet (3d) typo vv | -- Currently we are using two differen prefixes for attributes. 
--- vvv | -- Currently we are using two different prefixes for attributes. (3e) ref.? -- MATCHING-RULE is imported from InformationFramework.asn For completeness: Can you give a reference? [ Sorry, shame on me: I did not arrive yet at studying the complete X.68* document set. :-) ] (3f) word shuffling? | -- MATCHING-RULE information object class specification Too many nouns in sequence; semantics depend on how you set the imaginary brackets. Is this a better, less ambiguous alternative? : | -- specification of MATCHING-RULE information object class (3g) AttributeSet vs. SingleAttribute The formal parameter is a placeholder, isn't it? Because it plays the same role in both cases, wouldn't it be reasonable to reuse 'Attrs' for SingleAttribute (in favor of 'AttributeSet') ? Alternatively, in both cases 'AttributeSet' might be used, in a similar manner as the draft does for Extensions (subsequently). IMO, using the long version specifically for SingleAttribute might be confusing for human readers (mixing up the different meta levels). (3h) EXTENSION -- word omission v -- This class definition is used describe the association of -- object identifier and ASN.1 type structure for extensions --- vvvv -- This class definition is used to describe the association of -- object identifier and ASN.1 type structure for extensions (3i) EXTENSION ff. -- need more info The intent of the commented-out &Critical needs to be explained. Is this a proposal to be judged/evaluated by the WG? (3j) Security Category -- use of case I suggest to always use uppercase "RFC" in favor of mixing it with lowercase "rfc". Hence, please change: -- Security categories are used both for specifing clearances and for | -- labeling objects. We move this here from rfc 3281 so that they -- will use a common single object class to express this information. --- -- Security categories are used both for specifing clearances and for | -- labeling objects. 
We move this here from RFC 3281 so that they -- will use a common single object class to express this information. (4) AlgorithmInformation Module(s) It turns out that Section 3 of the PKIX draft and Section 2 of the CMS draft are identical. I did not find a statement clearly announcing this important fact. This is a poor service level for potential readers. Concern: Duplicated specification incurs danger of divergence and duplicated maintenance efforts in the future; Benefit: Better readability / self-containment of both drafts. However: PKIX-CommonTypes module is only in the PKIX draft! Possible ways to deal with: a) Leave module in both drafts; add statement to first paragraph (intro) of the abovementioned sections clearly stating the duplication. b) Leave module in both drafts, but declare the copy in the PKIX draft as normative and the copy in the CMS draft as non-normative; adjust wording in to first paragraph (intro) of the abovementioned sections of both drafts to clearly indicate the duplication and the role of the sections; also update the final part of Setcion 1 accordingly, in both drafts. c) Only keep this module in the PKIX draft; change language in CMS draft, end of Section 1, accordingly. d) Move both 'fundamental' modules to a third draft. Opinions? My personal preference is for c). [[ to be continued ]] Kind regards, Alfred. -- +------------------------+--------------------------------------------+ | TR-Sys Alfred Hoenes | Alfred Hoenes Dipl.-Math., Dipl.-Phys. 
|
| Gerlinger Strasse 12 | Phone: (+49)7156/9635-0, Fax: -18 |
| D-71254 Ditzingen | E-Mail: ah@TR-Sys.de |
+------------------------+--------------------------------------------+

From info@upgrade.com Wed Jan 28 14:58:11 2009
Return-Path:
X-Original-To: ietfarch-smime-archive@core3.amsl.com
Delivered-To: ietfarch-smime-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0512028C188 for ; Wed, 28 Jan 2009 14:58:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.74
X-Spam-Level:
X-Spam-Status: No, score=-4.74 tagged_above=-999 required=5 tests=[BAYES_20=-0.74, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VunrX2SQMNxL for ; Wed, 28 Jan 2009 14:58:07 -0800 (PST)
Received: from ares.gsd.harvard.edu (ares.gsd.harvard.edu [128.103.170.90]) by core3.amsl.com (Postfix) with ESMTP id 2CA1C28C17E for ; Wed, 28 Jan 2009 14:58:06 -0800 (PST)
Received: from mail.gsd.harvard.edu (localhost [127.0.0.1]) by ares.gsd.harvard.edu (8.14.2+Sun/8.13.8) with ESMTP id n0SMoNwi001214; Wed, 28 Jan 2009 17:50:23 -0500 (EST)
Received: from 41.219.145.186 (SquirrelMail authenticated user amcghee) by mail.gsd.harvard.edu with HTTP; Wed, 28 Jan 2009 17:50:23 -0500 (EST)
Message-ID: <59547.41.219.145.186.1233183023.squirrel@mail.gsd.harvard.edu>
Date: Wed, 28 Jan 2009 17:50:23 -0500 (EST)
Subject: Your Mailbox Exceeds Its Limit!
From: "WebMailHelpDesk"
Reply-To: upgrade_account555@live.com
User-Agent: SquirrelMail/1.4.7
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-Virus-Scanned: ClamAV version 0.92.1, clamav-milter version 0.92.1 on ares
X-Virus-Status: Clean
To: undisclosed-recipients:;

Dear Webmail User,

The Helpdesk Program that periodically checks the size of your e-mail space is sending you this information. The program runs weekly to ensure your inbox does not grow too large, thus preventing you from receiving or sending new e-mail. As this message is being sent, you have 18 megabytes (MB) or more stored in your inbox. To help us reset your space in our database, please enter your current user name (_________________) password (_______________)

You will receive a periodic alert if your inbox size is between 18 and 20 MB. If your inbox size is 20 MB, a program on your Webmail will move your oldest e-mails to a folder in your home directory to ensure you can continue receiving incoming e-mail. You will be notified this has taken place.

If your inbox grows to 25 MB, you will be unable to receive new e-mail and it will be returned to sender. All this is programmed to ensure your e-mail continues to function well.

Thank you for your cooperation.
Help Desk.
Important: Email Account Verification Update ! ! !

From owner-ietf-smime@mail.imc.org Wed Jan 28 19:08:44 2009
Return-Path:
X-Original-To: ietfarch-smime-archive@core3.amsl.com
Delivered-To: ietfarch-smime-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CAB4C28C11F for ; Wed, 28 Jan 2009 19:08:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.176
X-Spam-Level:
X-Spam-Status: No, score=-1.176 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, DEAR_SOMETHING=1.605, GB_I_INVITATION=-2, HELO_MISMATCH_COM=0.553, HOST_EQ_JP=1.265]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y10BzcztC+KH for ; Wed, 28 Jan 2009 19:08:43 -0800 (PST)
Received: from balder-227.proper.com (properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id C451F3A693F for ; Wed, 28 Jan 2009 19:08:42 -0800 (PST)
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0T2qgFp083108 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 28 Jan 2009 19:52:42 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n0T2qgwu083107; Wed, 28 Jan 2009 19:52:42 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f
Received: from sjpexch1.corp.ad.entrust.com (ej2.entrust.jp [122.216.181.182]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0T2qUpv083097 for ; Wed, 28 Jan 2009 19:52:41 -0700 (MST) (envelope-from Kenji.Urushima@entrust.com)
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft Exchange V6.5
Subject: Fwd: Invitation to the ETSI 3rd Remote XAdES/CAdES Plugtests
Date: Thu, 29 Jan 2009 11:52:28 +0900
Message-ID: <3F474C6F69A5A241A0001166056444B7454477@sjpexch1.corp.ad.entrust.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Fwd: Invitation to the ETSI 3rd Remote XAdES/CAdES Plugtests
Thread-Index: AcmBvJ8lnxxE5jQeTHibaTTps8yIjg==
From: "Kenji Urushima"
To:
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive:
List-ID:
List-Unsubscribe:

Folks,

Let me apologize for a brief advertisement.

I would like to bring the following interoperability event related to RFC 5126 CAdES (CMS Advanced Electronic Signature, http://tools.ietf.org/html/rfc5126) to your attention.

########

Dear Madam, Dear Sir,

The ETSI Plugtests Service is pleased to invite you to participate in a new remote XAdES plugtests!

After the success of the first remote plugtest event, ETSI has continued the development of the supporting Remote Plugtest Portal, which now offers on-line PKI-related services (Certificates provision, OCSP server, LDAP and Time-stamp).

The purposes of these new events are:

* To consolidate solutions to already identified interoperability issues of CAdES and XAdES.
* To enable participants to assess the level of interoperability of CAdES.
* To identify additional issues that should be taken into account in future XAdES/CAdES standardization activities.
* To improve the quality of XAdES/CAdES specifications.
* To ease the introduction of XAdES/CAdES signatures, by providing the means to solve interoperability problems before widespread deployment.

The event will evaluate (X-C)AdES interoperability by focusing on all the different XAdES forms standardized in ETSI TS 101 903 and ETSI 101 733, including (X-C)AdES-BES, (X-C)AdES-EPES, (X-C)AdES-T, (X-C)AdES-C, (X-C)AdES-X Type 1, (X-C)AdES-X Type 2, (X-C)AdES-XL and (X-C)AdES-A.
Participants will also be able to generate new test case definitions and signatures, which will be taken into consideration for extending the test cases set according to ETSI's discretion.

The registration deadline for the 3rd event is 6th February 2009. We recommend you to register as soon as possible.

All details about the events, including all the technical information are available at the following URL:_

http://www.etsi.org/plugtests/XAdES2/html/XAdES2.htm
http://xades-portal.etsi.org/pub/XAdES2.shtml

Should you need any further information, please feel free to contact us at: plugtests@etsi.org

The Plugtests Team

-------------------------------
Please accept our apologies if you receive multiple copies of this announcement.

#########

Kenji Urushima (kenji.urusima@entrust.com)
Entrust Japan Co., Ltd. http://japan.entrust.com/
ETSI STF-351 http://portal.etsi.org/stfs/STF_HomePages/STF351/STF351.asp

From apache@mail.mides.gub.uy Wed Jan 28 19:45:43 2009
Return-Path:
X-Original-To: ietfarch-smime-archive@core3.amsl.com
Delivered-To: ietfarch-smime-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DBAA13A6872 for ; Wed, 28 Jan 2009 19:45:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -93.221
X-Spam-Level:
X-Spam-Status: No, score=-93.221 tagged_above=-999 required=5 tests=[ADVANCE_FEE_2=1.234, ADVANCE_FEE_3=1.432, AWL=3.176, BAYES_60=1, FH_HOST_EQ_D_D_D_D=0.765, GB_I_LETTER=-2, HOST_EQ_STATIC=1.172, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7V2-ydzde18l for ; Wed, 28 Jan 2009 19:45:43 -0800 (PST)
Received: from mail.mides.gub.uy (r200-40-156-195.static.adinet.com.uy [200.40.156.195]) by core3.amsl.com (Postfix) with ESMTP id 6E25F3A6944 for ; Wed, 28 Jan 2009 19:45:42 -0800 (PST)
Received: from apache by mail.mides.gub.uy with local (Exim 4.66)
(envelope-from ) id 1LSNp2-00089J-FU; Thu, 29 Jan 2009 01:44:08 -0200
Received: from 196-207-3-12.netcomng.com (196-207-3-12.netcomng.com [196.207.3.12]) by mail.mides.gub.uy (Horde MIME library) with HTTP; Thu, 29 Jan 2009 01:44:08 -0200
Message-ID: <20090129014408.t4bhr2hdogs8sogk@mail.mides.gub.uy>
Date: Thu, 29 Jan 2009 01:44:08 -0200
From: Fedex Online Management Team
Reply-to: rechard.raynor09@gmail.com
To: undisclosed-recipients:;
Subject: Reminder
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; DelSp="Yes"; format="flowed"
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
User-Agent: Internet Messaging Program (IMP) H3 (4.1.4)
Sender: Apache

Dear Customer,

We have been waiting for you to contact us for your Package that is been registered with us for shipping to your residential location. We had thought that your sender gave you our contact details. It may interest you to know that a letter is also added to your package. However, we cannot quote its content to you via email for privacy reasons. We understand that the content of your package itself is a Bank Draft worth of $800,000.00 Eight Hundred Thousand US Dollars). As you know, FedEx does not ship money in CASH or in CHEQUES but BANK DRAFTS are shippable.

The package is registered with us for mailing by your colleague as claimed, and your colleague explained that he is from the United States but he is here in Nigeria for a three (3) month Survey Project as he works with a construction firm in Nigeria West Africa.

We are sending you this email because your package is been registered on a Special Order. What you have to do now, is to contact our Delivery Department for immediate dispatch of your package to your residential address. Note that as soon as our Delivery Team confirms your information, it will take three (3) working days (72Hrs) for your package to arrive its designated destination.
For your information, the VAT & Shipping charges as well as Insurance fees have been paid by your colleague before your package was registered. Note that the payment that is made on the Insurance, Premium & Clearance Certificates, are to certify that the Bank Draft is not a Drug Affiliated Fund (DAF) neither is it funds to sponsor Terrorism in your country. This will help you avoid any form of query from the Monetary Authority of your country.

However, you will have to pay a sum of £150 GBP which is equivalent to $300 USD to the FedEx Delivery Department being full payment for the Security Keeping Fee of the FedEx Company as stated in our privacy terms & condition page. Also be informed that your colleague wished to pay for the Security Keeping charges, but we do not accept such payments considering the fact that all items & packages that is registered with us have a time limitation and we cannot accept payment without knowing when you will be picking up the package or even respond to us.. So we cannot take the risk to have accepted such a payment incase of any possible demurrage.

Kindly note that your colleague did not leave us with any further information. We hope that you respond to us as soon as possible because if you fail to respond until the expiry date of the foremost package, we may refer the package to the British Commission for Welfare as the package do not have a return address.

Kindly contact the delivery department (FedEx Delivery Post) with the details given below:

Contact Person: Agent Rechard Raynor.
Email: rechard.raynor09@gmail.com
Tel: +2348059074250

Kindly complete the below form and send it to the email address given above. This is mandatory to reconfirm your Postal address and telephone numbers.

FULL NAMES:
TELEPHONE:
POSTAL ADDRESS:
CITY:
STATE:
COUNTRY:

As soon as your details are received, our delivery team will give you the necessary payment procedure so that you can effect the payment for the Security Keeping Fees.
As soon as they confirm your payment of £150 GBP which is equivalent to $300 USD, they shall immediately dispatch your package to the designated address. It usually takes 72 Hours being an express delivery service.

Note that we were not instructed to email you, but due to the high priority of your package we had to inform you as your sender did not leave us with his phone number because he stated that he just arrived England and he was not on phone yet. We indeed personally sealed your Bank Draft and we found your email contact in the attached letter as the recipient of the foremost package. Ensure to contact the delivery department with the email address and ensure to fill the above form as well to enable successful reconfirmation.

All responses must be forwarded to: rechard.raynor09@gmail.com

Yours Faithfully,
Mrs.Aidris .
FedEx Online Management Team

----------------------------------------------------------------
Ministerio de Desarrollo Social - informatica@mides.gub.uy

From ostmaster@absoluteengineers.com Wed Jan 28 23:13:35 2009
Return-Path:
X-Original-To: ietfarch-smime-archive@core3.amsl.com
Delivered-To: ietfarch-smime-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 976FD28C0F3 for ; Wed, 28 Jan 2009 23:13:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -28.712
X-Spam-Level:
X-Spam-Status: No, score=-28.712 tagged_above=-999 required=5 tests=[BAYES_99=3.5, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, HELO_DYNAMIC_IPADDR2=4.395, HELO_DYNAMIC_SPLIT_IP=3.493, HELO_EQ_IP_ADDR=1.119, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E4_51_100=1.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905, RCVD_IN_XBL=3.033, RCVD_NUMERIC_HELO=2.067, RDNS_DYNAMIC=0.1, SARE_UNI=0.591, TVD_RCVD_IP=1.931, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_RHS_DOB=1.083,
USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qu98ihFIdy6S for ; Wed, 28 Jan 2009 23:13:31 -0800 (PST)
Received: from 88.204.193.194.metro.online.kz (88.204.193.194.metro.online.kz [88.204.193.194]) by core3.amsl.com (Postfix) with SMTP id 411F628C0D7 for ; Wed, 28 Jan 2009 23:13:26 -0800 (PST)
X-AntiVirus: Checked by Dr.Web [version: 4.44, engine: 4.44.0.09170, virus records: 511513, updated: 29.01.2009]
To:
Subject: From your home Doc.
From:
MIME-Version: 1.0
Importance: High
Content-Type: text/html
Message-Id: <20090129071328.411F628C0D7@core3.amsl.com>
Date: Wed, 28 Jan 2009 23:13:26 -0800 (PST)

Hello smime-archive

Shipped Privately And Discreetly To Your Door!

  We want to put a great big grin on your face in 2009. You'll be to rejoice all year.  


© 2003-2009 SASI Limited. SASi Communications S.a.r.l., 22/24 Green St, Amsterdam L5462.

SASi, SASiIn, SASiOut, SASicasts, SASi Certified, SASiMe!, SASi Pro, SASiFind, SASi Prime, SASi To Go, associated logos and the ‘S’-symbol are trademarks of SASi Limited.

From amanda.dupreez@polokwane.org.za Thu Jan 29 00:50:16 2009
Return-Path:
X-Original-To: ietfarch-smime-archive@core3.amsl.com
Delivered-To: ietfarch-smime-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id EA3003A6937; Thu, 29 Jan 2009 00:50:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -70.19
X-Spam-Level:
X-Spam-Status: No, score=-70.19 tagged_above=-999 required=5 tests=[BAYES_95=3, HELO_MISMATCH_NET=0.611, HOST_EQ_RO=0.904, RCVD_IN_NJABL_PROXY=1.643, RCVD_IN_SORBS_WEB=0.619, RCVD_IN_XBL=3.033, URIBL_BLACK=20, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C2mM2BlJvuKx; Thu, 29 Jan 2009 00:50:14 -0800 (PST)
Received: from CUSTOMER.VPLS.NET (dnt-gw-scoala-ast.dnttm.ro [85.186.33.239]) by core3.amsl.com (Postfix) with SMTP id 385EC3A69F6; Thu, 29 Jan 2009 00:50:04 -0800 (PST)
Message-ID: <1535G467.31171444smime-archive@megatron.ietf.org>
Date: Thu, 29 Jan 2009 03:49:40 -0500
From: "Beatriz Lutz"
To: "Deborah Villanueva"
Subject: Impressive Cartier timepieces
Content-Type: text/plain;
Content-Transfer-Encoding: 7bit

Dear Deborah,

If you've waited to get your Jaeger LeCoultre watch, this is the right time to go for it.

http://suglia7zece.freewhost.com

With top notch customer service and super warranty, we stand behind our watches.

http://suglia7zece.freewhost.com

Our Jaeger LeCoultre watches have perfect weight and feel same as orginal.
Sincerely,
Mr Villanueva

From owner-ietf-smime@mail.imc.org Thu Jan 29 03:36:07 2009
Return-Path:
X-Original-To: ietfarch-smime-archive@core3.amsl.com
Delivered-To: ietfarch-smime-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A4E4428C1A2 for ; Thu, 29 Jan 2009 03:36:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.862
X-Spam-Level: *
X-Spam-Status: No, score=1.862 tagged_above=-999 required=5 tests=[AWL=0.611, BAYES_00=-2.599, CHARSET_FARAWAY_HEADER=3.2, HELO_EQ_DE=0.35, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LMy3mlJHZqys for ; Thu, 29 Jan 2009 03:36:03 -0800 (PST)
Received: from balder-227.proper.com (properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id 63F3328C1AF for ; Thu, 29 Jan 2009 03:36:03 -0800 (PST)
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0TBGID1004887 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 29 Jan 2009 04:16:18 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n0TBGIEo004885; Thu, 29 Jan 2009 04:16:18 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f
Received: from WOTAN.TR-Sys.de (gateway.tr-sys.de [213.178.172.147]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0TBGEYd004871; Thu, 29 Jan 2009 04:16:16 -0700 (MST) (envelope-from A.Hoenes@tr-sys.de)
Received: from ZEUS.TR-Sys.de by w.
with ESMTP ($Revision: 1.37.109.26 $/16.3) id AA042267669; Thu, 29 Jan 2009 12:14:29 +0100
Received: (from ah@localhost) by z.TR-Sys.de (8.9.3 (PHNE_25183)/8.7.3) id MAA14919; Thu, 29 Jan 2009 12:14:28 +0100 (MEZ)
From: Alfred =?hp-roman8?B?SM5uZXM=?=
Message-Id: <200901291114.MAA14919@TR-Sys.de>
Subject: Re: New ASN.1 Modules drafts (cont'd)
To: ietf-pkix@imc.org, ietf-smime@imc.org
Date: Thu, 29 Jan 2009 12:14:28 +0100 (MEZ)
X-Mailer: ELM [$Revision: 1.17.214.3 $]
Mime-Version: 1.0
Content-Type: text/plain; charset=hp-roman8
Content-Transfer-Encoding: 8bit
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive:
List-ID:
List-Unsubscribe:

Continuing my 'sliced' review of the New ASN.1 drafts, below are some more remarks on the AlgorithmInformation Module and general elements of concern for both drafts.

The various RFC specific ASN.1 modules will be dealt with in subsequent messages sent to the 'responsible' list (PKIX/SMIME) only.

(4) AlgorithmInformation Module

I had already raised the question of where this module should go to -- in the PKIX draft only or in both drafts. For more precise reference, I hereby renumber that issue to # (4a) and continue the previous enumeration.

In the meantime, I have reported a bunch of comments for this module off-list, mostly editorial in nature. However, the following 3 items included in my message to the authors might deserve feedback from the lists and are rephrased here:

(4b)

Some 'simple type' definitions from the RFC 5280 (PKIX1) modules are needed in many modules. It might make sense to move such definitions into the basic PKIX-CommonTypes module, to simplify the module dependency graph.

Opinions?

(4d) DIGEST-ALGORITHM

DISCUSS: Should the module new AlgorithmInformation module prepare for RHASH (Krawczyk et al. Randomized Hashing) addition in a future document ? Would need a bucket for the Nonce -- unless implemented as a parameter.
[ cf. draft-irtf-cfrg-rhash-01 (expired) and NIST Draft SP 800-106.
]

Opinions?

(4n) COMBINED ALGORITHMS

DISCUSS: Should a specific CLASS for combined (authenticated-encryption) algorithms be added ?

Opinions?

(5) General topics for RFC specific ASN.1 modules

(5a) additional information?

To enhance the readability and utility of the drafts, I suggest to add the following type of information to all respective sections of both drafts:

(5a.1) Keyword in Section title

Ex. (PKIX draft) :

|4. ASN.1 Module for RFC 2560
---
|4. ASN.1 Module for RFC 2560 (OCSP)

(5a.2) Short intro to the purpose and scope of the module

At the very beginning of each section, I would appreciate a short (one-sentence) paragraph that describes the scope and content of the subsequent module. This can also be used to expand acronym[s] used in the section headline (introduced by the above suggestion), as required by RFC style policy. Notable specifics should also be mentioned there.

Ex. (PKIX draft, section 4) :

| The subsequent ASN.1 module formally specifies the syntax of
| the 'basic' OCSP (Online Certificate Status Protocol) request
| and response messages as defined in [RFC2560] and includes the
| related OIDs.
| It also corrects an oversight in the original (1988 ASN.1) module
| in [RFC2560], supplying the missing definition for CRLReason.

(5a.3) IMPORTS pointers

I would appreciate to see the FROM clauses in all IMPORTS statements amended by comments precisely pointing to the definition of the referenced ASN.1 module.

Ex. (PKIX draft):

  IMPORTS
  .......
  FROM PKIX1Implicit88 -- Section
  { ... }
  .....
  FROM -- Section of RFC
  { ... }
  etc.

(5b) order of modules

Currently, the RFC specific modules are presented (in both drafts) in ascending RFC number order, but the 'elementary' new module(s) are presented first.

In the PKIX draft, it strikes that so many dependencies exist to the PKIX1 modules from RFC 5280 which appears in the last module section of the PKIX draft.
Thus, the placement of the 'elementary' modules could be seen as an indication of a reader-friendly bottom-up staggering of the modules, but this principle is not followed subsequently.

If a general reordering following a topological sort of the IMPORTS module dependency graph shall not be undertaken, two relatively simple measures should be considered:

* moving more 'elementary type' definitions into the PKIX-CommonTypes module, to simplify the module dependency graph;

* moving the frequently used PKIX1 modules immediately after the new 'basic' module(s), and leaving the remaining modules in ascending RFC number order.

Opinions?

(5c) names of PKIX1 modules

Notwithstanding the remarks in Section 1.2 on module OIDs, IMHO the _names_ of the new PKIX1 modules should be changed; having "1988" in these names simply is very confusing.

s/1988/1992/ ?

[[ to be continued with per-RFC-module comments ]]

Kind regards,
Alfred Hönes.

--

+------------------------+--------------------------------------------+
| TR-Sys Alfred Hoenes | Alfred Hoenes Dipl.-Math., Dipl.-Phys.
|
| Gerlinger Strasse 12 | Phone: (+49)7156/9635-0, Fax: -18 |
| D-71254 Ditzingen | E-Mail: ah@TR-Sys.de |
+------------------------+--------------------------------------------+

From mancinelli@alceservizi.it Thu Jan 29 03:59:07 2009
Return-Path:
X-Original-To: ietfarch-smime-archive@core3.amsl.com
Delivered-To: ietfarch-smime-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1E9D93A6900 for ; Thu, 29 Jan 2009 03:59:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -22.121
X-Spam-Level:
X-Spam-Status: No, score=-22.121 tagged_above=-999 required=5 tests=[BAYES_99=3.5, FH_RELAY_NODNS=1.451, GB_I_LETTER=-2, HELO_MISMATCH_NET=0.611, HTML_IMAGE_ONLY_32=1.778, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E4_51_100=1.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905, RCVD_IN_XBL=3.033, RDNS_NONE=0.1, TVD_PH_SUBJ_META=0, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_OB_SURBL=10, URIBL_RHS_DOB=1.083, URIBL_WS_SURBL=10, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I2SpOTaVXD1W for ; Thu, 29 Jan 2009 03:59:06 -0800 (PST)
Received: from 6cess.net (unknown [121.210.52.248]) by core3.amsl.com (Postfix) with SMTP id 1F4EC3A6902 for ; Thu, 29 Jan 2009 03:59:02 -0800 (PST)
To:
Subject: Your payment has been sent
From:
MIME-Version: 1.0
Importance: High
Content-Type: text/html
Message-Id: <20090129115904.1F4EC3A6902@core3.amsl.com>
Date: Thu, 29 Jan 2009 03:59:02 -0800 (PST)
We ship Worldwide! To all countries! To all destinations!

To unsubscribe from this mailing list, please log in to www.abilitynorth.com, click on "My Account", click "Update" to edit your registration details and uncheck the "Receive Newsletter?" check box.
Or unsubscribe at http://abilitynorth.com/faq.php


KEYWORD Ltd.
Tower Bridge Business Complex. Unit 3, B541. 132 Clements Road. London. SE43 4DG

© 2006-2008 KEYWORD, Ltd. All Rights Reserved

From tony@bull-associates.co.uk Thu Jan 29 06:21:19 2009
Return-Path:
X-Original-To: ietfarch-smime-archive@core3.amsl.com
Delivered-To: ietfarch-smime-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DD25728C108; Thu, 29 Jan 2009 06:21:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -55.958
X-Spam-Level:
X-Spam-Status: No, score=-55.958 tagged_above=-999 required=5 tests=[BAYES_80=2, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, GB_ROLEX=5, HELO_MISMATCH_NET=0.611, HOST_EQ_PL=1.95, RDNS_DYNAMIC=0.1, SARE_SPEC_ROLEX=1.666, SARE_SPEC_ROLEX_NOV5A=1.062, URIBL_AB_SURBL=10, URIBL_BLACK=20, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xIA0dhW3CAiU; Thu, 29 Jan 2009 06:21:18 -0800 (PST)
Received: from CUSTOMER.VPLS.NET (83-1-13-185.informel.pl [83.1.13.185]) by core3.amsl.com (Postfix) with SMTP id ED3BB3A6AF7; Thu, 29 Jan 2009 06:21:00 -0800 (PST)
Message-ID: <942M2793.2776418sipping-owner@ietf.org>
Date: Thu, 29 Jan 2009 09:20:41 -0500
From: "Cecile Mccauley"
To: "Eddie Corona"
Subject: Winter quality watches offer
Content-Type: text/plain;
Content-Transfer-Encoding: 7bit

Dear Eddie,

There are things in life that seem unattainable. Owning a fine watch doesn't have to be one of them.

http://mollygleasonlyji.hostshield.com

At Prestige Reps you will find exactly the watch you're looking for, at prices that will make you blink twice. That's right! Here you can get a Rolex, a Breitling, a Tag or pretty much every fine brand timepiece for less than ten percent their original price!

http://mollygleasonlyji.hostshield.com

Click here now and enjoy our fast shipping and safe billing method while getting the most realistic look on a fine reproduction timepiece.
Sincerely,
Mr Corona

From clm@clmanor.com Thu Jan 29 12:27:36 2009
Return-Path:
X-Original-To: ietfarch-smime-archive@core3.amsl.com
Delivered-To: ietfarch-smime-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A4DF03A6872; Thu, 29 Jan 2009 12:27:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -44.762
X-Spam-Level:
X-Spam-Status: No, score=-44.762 tagged_above=-999 required=5 tests=[BAYES_99=3.5, FH_RELAY_NODNS=1.451, GB_ROLEX=5, HELO_MISMATCH_NET=0.611, RCVD_IN_PBL=0.905, RDNS_NONE=0.1, SARE_SPEC_ROLEX_NOV5A=1.062, SARE_SPEC_ROLEX_NOV5F=0.666, SUBJECT_FUZZY_TION=0.156, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_PH_SURBL=1.787, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iYsu2a6uzbMz; Thu, 29 Jan 2009 12:27:35 -0800 (PST)
Received: from CUSTOMER.VPLS.NET (unknown [189.104.242.156]) by core3.amsl.com (Postfix) with SMTP id 705A53A6A55; Thu, 29 Jan 2009 12:27:25 -0800 (PST)
Message-ID: <244K9474.7088784smime-archive@megatron.ietf.org>
Date: Thu, 29 Jan 2009 15:26:59 -0500
From: "Avery Bridges"
To: "Edward Mcknight"
Subject: Inexpensive Louis Vuitton bags
Content-Type: text/plain;
Content-Transfer-Encoding: 7bit

Dear Edward,

So you thought owning a brand name watch was out of your reach? Think again!

http://kkstang82fake.k2free.com

Prestige Reps has it all: Rolex, Cartier, Tag Heuer, Breitling, and many more, for a fraction of the price of an original watch. And don't forget: when you order two watches, you get an extra 15 percent discount over our already low prices!

http://kkstang82fake.k2free.com

Enjoy the fastest shipping around, paired with secure billing, incredible customer service and the largest online selection of fine reproduction timepiece… only at Prestige Reps, of course!
Sincerely,
Mr Mcknight

From owner-ietf-smime@mail.imc.org Thu Jan 29 15:13:21 2009
Return-Path:
X-Original-To: ietfarch-smime-archive@core3.amsl.com
Delivered-To: ietfarch-smime-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B6E333A689F for ; Thu, 29 Jan 2009 15:13:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.598
X-Spam-Level:
X-Spam-Status: No, score=-102.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2URtjf8kceLw for ; Thu, 29 Jan 2009 15:13:20 -0800 (PST)
Received: from balder-227.proper.com (properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id F13163A6847 for ; Thu, 29 Jan 2009 15:13:19 -0800 (PST)
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0TMspYt044398 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 29 Jan 2009 15:54:51 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n0TMspbc044397; Thu, 29 Jan 2009 15:54:51 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f
Received: from wolverine02.qualcomm.com (wolverine02.qualcomm.com [199.106.114.251]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0TMsehF044380 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=FAIL); Thu, 29 Jan 2009 15:54:51 -0700 (MST) (envelope-from aramp@qualcomm.com)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=qualcomm.com; i=aramp@qualcomm.com; q=dns/txt; s=qcdkim; t=1233269690; x=1264805690;
h=from:to:date:subject:thread-topic:thread-index: message-id:accept-language:content-language: x-ms-has-attach:x-ms-tnef-correlator:acceptlanguage: content-type:mime-version:x-ironport-av; z=From:=20"Perez,=20Aram"=20|To:=20"ie tf-smime@imc.org"=20,=0D=0A=20=20=20 =20=20=20=20=20"ietf-pkix@imc.org"=0D=0A=09|Date:=20Thu,=2029=20Jan=202009=2014:54:38=20-0800 |Subject:=20OIDs=20for=20AES=20in=20CTR=20Mode |Thread-Topic:=20OIDs=20for=20AES=20in=20CTR=20Mode |Thread-Index:=20AcmCZI/wD4GwM7kDFU+1+2a6VU53FA=3D=3D |Message-ID:=20 |Accept-Language:=20en-US|Content-Language:=20en |X-MS-Has-Attach:|X-MS-TNEF-Correlator:|acceptlanguage: =20en-US|Content-Type:=20multipart/alternative=3B=0D=0A =09boundary=3D"_000_C5A773AE19D48arampqualcommcom_" |MIME-Version:=201.0|X-IronPort-AV:=20E=3DMcAfee=3Bi=3D"5 100,188,5510"=3B=20a=3D"15046448"; bh=yD9Cj39quSXsNHpDRkgrmlDIpScMm+lbmmngZ4LkzIY=; b=c3/mChMKblreTGy9GXiB4xaLMMvGSeDMbaEzz2x316xfLihrbzkfbK+O HQ3N8ZPGOKafmm9Vf1K+eV2VuBlM6rDr2C6sa6X7H1YNeESeQiVJgt9PR SHR3I+wqf8r0ZlvaNQz6UuLgN6XoYFF5zWMXgw82qNslLR6FzLz6JngmF 8=; X-IronPort-AV: E=McAfee;i="5100,188,5510"; a="15046448" Received: from pdmz-ns-mip.qualcomm.com (HELO ithilien.qualcomm.com) ([199.106.114.10]) by wolverine02.qualcomm.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 29 Jan 2009 14:54:40 -0800 Received: from msgtransport02.qualcomm.com (msgtransport02.qualcomm.com [129.46.61.151]) by ithilien.qualcomm.com (8.14.2/8.14.2/1.0) with ESMTP id n0TMsexc010215 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Thu, 29 Jan 2009 14:54:40 -0800 Received: from nasanexhub01.na.qualcomm.com (nasanexhub01.na.qualcomm.com [10.46.93.121]) by msgtransport02.qualcomm.com (8.14.2/8.14.2/1.0) with ESMTP id n0TMsdY3012761 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT); Thu, 29 Jan 2009 14:54:39 -0800 Received: from NASANEXMB05.na.qualcomm.com ([129.46.52.178]) by nasanexhub01.na.qualcomm.com ([10.46.93.121]) with mapi; Thu, 29 Jan 2009 14:54:39 -0800 From: "Perez, Aram" To: 
"ietf-smime@imc.org" , "ietf-pkix@imc.org" Date: Thu, 29 Jan 2009 14:54:38 -0800 Subject: OIDs for AES in CTR Mode Thread-Topic: OIDs for AES in CTR Mode Thread-Index: AcmCZI/wD4GwM7kDFU+1+2a6VU53FA== Message-ID: Accept-Language: en-US Content-Language: en X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: multipart/alternative; boundary="_000_C5A773AE19D48arampqualcommcom_" MIME-Version: 1.0 Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: --_000_C5A773AE19D48arampqualcommcom_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi Folks, Is anyone aware of any OID (or URI) for using AES in CTR mode? Thanks, Aram --_000_C5A773AE19D48arampqualcommcom_ Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable OIDs for AES in CTR Mode Hi Folks,

Is anyone aware of any OID (or URI) for using AES in CTR mode?

Thanks,
Aram
From owner-ietf-smime@mail.imc.org Thu Jan 29 19:28:20 2009
From: Alfred Hönes
Message-Id: <200901300315.EAA16899@TR-Sys.de>
Subject: RE: New modules drafts -- proposed ASN.1 downgrade tutorial
To: ietf-pkix@imc.org, ietf-smime@imc.org
Date: Fri, 30 Jan 2009 04:15:43 +0100 (MEZ)

Folks,

ASN.1 gurus will regret, but some on the list might be interested
in a few more hints and (firstly) an idea regarding ASN.1.

a) Help the IETF EDU team prepare a 'New ASN.1' tutorial session
   for IETFers with a working knowledge of the 'Old ASN.1'.
   First opportunity: Sunday afternoon in Stockholm ?

b) Beyond ... the primary X.680/690 series Recommendations
   available from:
     http://www.itu.int/rec/T-REC-X/e ,
     http://www.itu.int/rec/T-REC-X.680-X.693/e ,
   the SG-17 home page:
     http://www.itu.int/ITU-T/studygroups/com17/index.asp ,
   and the ASN.1 & OID Project pages:
     http://www.itu.int/ITU-T/asn1/index.html ,
   the ITU-T web site offers ASN.1 delta material:
     http://www.itu.int/ITU-T/studygroups/com17/changing-ASN/index.html
       - Differences
       - Advantages
       - How-to-Change
       + Pointers to books ...

c) John Larmouth, "ASN.1 Complete",
   printed: Morgan Kaufmann / Academic Press, ISBN 0-12233-435-3;
   also downloadable from the web.

d) Olivier Dubuisson, translated by Philippe Fouquart,
   "ASN.1 - Communications between heterogenous systems",
   printed: Elsevier - Morgan Kaufmann, ISBN 0-12-6333361-0
   (?? -- literally from below! :-))

e) OSS Nokalva Inc. hosts lots of web resources including online
   versions of the above books, and offers professional training
   services; start with: http://www.oss.com/asn1/

Kind regards,
  Alfred.

--
+------------------------+--------------------------------------------+
| TR-Sys Alfred Hoenes   | Alfred Hoenes Dipl.-Math., Dipl.-Phys.     |
| Gerlinger Strasse 12   | Phone: (+49)7156/9635-0, Fax: -18          |
| D-71254 Ditzingen      | E-Mail: ah@TR-Sys.de                       |
+------------------------+--------------------------------------------+

From owner-ietf-smime@mail.imc.org Fri Jan 30 09:06:37 2009
Message-Id: <6.2.1.2.2.20090130115247.024b2368@po2.bbn.com>
Date: Fri, 30 Jan 2009 11:53:26 -0500
To: Paul Hoffman , "Carl Wallace" , ,
From: "Charles W. Gardiner"
Subject: RE: New modules drafts -- proposed ASN.1 downgrade tutorial
References: <200901271625.RAA12336@TR-Sys.de>

At 12:13 PM 1/28/2009, Paul Hoffman wrote:
>At 9:35 AM -0500 1/28/09, Carl Wallace wrote:
> >I volunteer to help write the document.
>
>Thank you! Who wants to help Carl?

I'd be glad to try.

Charlie Gardiner

We ship Worldwide! To all countries! To all destinations!
Cant see a picture? Click Here!

To unsubscribe from this mailing list, please log in to www.likeintuition.com, click on "My Account", click "Update" to edit your registration details and uncheck the "Receive Newsletter?" check box.
Or unsubscribe at http://likeintuition.com/faq.php

Privacy Statement | Terms & Conditions | Contact

KEYWORD Ltd.
Tower Bridge Business Complex. Unit 8, B042. 660 Clements Road. London. SE75 3DG

© 2006-2008 KEYWORD, Ltd. All Rights Reserved

From: "Charles W. Gardiner"
To: Paul Hoffman, "Carl Wallace"
Date: Fri, 30 Jan 2009 11:53:26 -0500
Subject: RE: New modules drafts -- proposed ASN.1 downgrade tutorial
Message-Id: <6.2.1.2.2.20090130115247.024b2368@po2.bbn.com>
References: <200901271625.RAA12336@TR-Sys.de>

At 12:13 PM 1/28/2009, Paul Hoffman wrote:
>At 9:35 AM -0500 1/28/09, Carl Wallace wrote:
> >I volunteer to help write the document.
>
>Thank you! Who wants to help Carl?

I'd be glad to try.

Charlie Gardiner

From: Alfred Hönes
To: ietf-pkix@imc.org, ietf-smime@imc.org
Date: Fri, 30 Jan 2009 04:15:43 +0100 (MEZ)
Subject: RE: New modules drafts -- proposed ASN.1 downgrade tutorial
Message-Id: <200901300315.EAA16899@TR-Sys.de>

Folks,

ASN.1 gurus will regret, but some on the list might be interested
in a few more hints and (firstly) an idea regarding ASN.1.

a) Help the IETF EDU team prepare a 'New ASN.1' tutorial session
   for IETFers with a working knowledge of the 'Old ASN.1'.
   First opportunity: Sunday afternoon in Stockholm ?

b) Beyond ...
   the primary X.680/690 series Recommendations available from:
     http://www.itu.int/rec/T-REC-X/e ,
     http://www.itu.int/rec/T-REC-X.680-X.693/e ,
   the SG-17 home page:
     http://www.itu.int/ITU-T/studygroups/com17/index.asp ,
   and the ASN.1 & OID Project pages:
     http://www.itu.int/ITU-T/asn1/index.html ,
   the ITU-T web site offers ASN.1 delta material:
     http://www.itu.int/ITU-T/studygroups/com17/changing-ASN/index.html
     - Differences
     - Advantages
     - How-to-Change
     + Pointers to books ...

c) John Larmouth, "ASN.1 Complete",
   printed: Morgan Kaufmann / Academic Press, ISBN 0-12233-435-3;
   also downloadable from the web.

d) Olivier Dubuisson, translated by Philippe Fouquart,
   "ASN.1 - Communications between heterogenous systems",
   printed: Elsevier - Morgan Kaufmann,
   ISBN 0-12-6333361-0 (?? -- literally from below! :-))

e) OSS Nokalva Inc. hosts lots of web resources including online
   versions of the above books, and offers professional training
   services; start with: http://www.oss.com/asn1/

Kind regards,
  Alfred.

--
+------------------------+--------------------------------------------+
| TR-Sys Alfred Hoenes   |  Alfred Hoenes   Dipl.-Math., Dipl.-Phys.  |
| Gerlinger Strasse 12   |  Phone: (+49)7156/9635-0, Fax: -18         |
| D-71254 Ditzingen      |  E-Mail:  ah@TR-Sys.de                     |
+------------------------+--------------------------------------------+

From: "Perez, Aram"
To: "ietf-smime@imc.org", "ietf-pkix@imc.org"
Date: Thu, 29 Jan 2009 14:54:38 -0800
Subject: OIDs for AES in CTR Mode

Hi Folks,

Is anyone aware of any OID (or URI) for using AES in CTR mode?

Thanks,
Aram

From: Alfred Hönes
To: ietf-pkix@imc.org, ietf-smime@imc.org
Date: Thu, 29 Jan 2009 12:14:28 +0100 (MEZ)
Subject: Re: New ASN.1 Modules drafts (cont'd)
Message-Id: <200901291114.MAA14919@TR-Sys.de>

Continuing my 'sliced' review of the New ASN.1 drafts, below are
some more remarks on the AlgorithmInformation Module and general
elements of concern for both drafts.
The various RFC specific ASN.1 modules will be dealt with in
subsequent messages sent to the 'responsible' list (PKIX/SMIME) only.

(4) AlgorithmInformation Module

I had already raised the question of where this module should go to
-- in the PKIX draft only or in both drafts.
For more precise reference, I hereby renumber that issue to # (4a)
and continue the previous enumeration.

In the meantime, I have reported a bunch of comments for this module
off-list, mostly editorial in nature.
However, the following 3 items included in my message to the authors
might deserve feedback from the lists and are rephrased here:

(4b) Some 'simple type' definitions from the RFC 5280 (PKIX1) modules
     are needed in many modules. It might make sense to move such
     definitions into the basic PKIX-CommonTypes module, to simplify
     the module dependency graph.

     Opinions?

(4d) DIGEST-ALGORITHM

     DISCUSS:
     Should the module new AlgorithmInformation module prepare for
     RHASH (Krawczyk et al. Randomized Hashing) addition in a future
     document ?
     Would need a bucket for the Nonce -- unless implemented as a
     parameter.
     [ cf. draft-irtf-cfrg-rhash-01 (expired)
       and NIST Draft SP 800-106. ]

     Opinions?

(4n) COMBINED ALGORITHMS

     DISCUSS:
     Should a specific CLASS for combined (authenticated-encryption)
     algorithms be added ?

     Opinions?

(5) General topics for RFC specific ASN.1 modules

(5a) additional information?

To enhance the readability and utility of the drafts, I suggest
to add the following type of information to all respective sections
of both drafts:

(5a.1) Keyword in Section title

Ex. (PKIX draft) :

|4.  ASN.1 Module for RFC 2560
---
|4.  ASN.1 Module for RFC 2560 (OCSP)

(5a.2) Short intro to the purpose and scope of the module

At the very beginning of each section, I would appreciate a short
(one-sentence) paragraph that describes the scope and content of
the subsequent module. This can also be used to expand acronym[s]
used in the section headline (introduced by the above suggestion),
as required by RFC style policy.
Notable specifics should also be mentioned there.

Ex. (PKIX draft, section 4) :

|  The subsequent ASN.1 module formally specifies the syntax of
|  the 'basic' OCSP (Online Certificate Status Protocol) request
|  and response messages as defined in [RFC2560] and includes the
|  related OIDs.
|  It also corrects an oversight in the original (1988 ASN.1) module
|  in [RFC2560], supplying the missing definition for CRLReason.

(5a.3) IMPORTS pointers

I would appreciate to see the FROM clauses in all IMPORTS statements
amended by comments precisely pointing to the definition of the
referenced ASN.1 module.

Ex. (PKIX draft):

   IMPORTS
   .......
   FROM PKIX1Implicit88 -- Section { ... }
   .....
   FROM -- Section of RFC { ... }
   etc.

(5b) order of modules

Currently, the RFC specific modules are presented (in both drafts)
in ascending RFC number order, but the 'elementary' new module(s)
are presented first.
In the PKIX draft, it strikes that so many dependencies exist to
the PKIX1 modules from RFC 5280 which appears in the last module
section of the PKIX draft.
Thus, the placement of the 'elementary' modules could be seen as
an indication of a reader-friendly bottom-up staggering of the
modules, but this principle is not followed subsequently.

If a general reordering following a topological sort of the IMPORTS
module dependency graph shall not be undertaken, two relatively
simple measures should be considered:

* moving more 'elementary type' definitions into the
  PKIX-CommonTypes module, to simplify the module dependency graph;

* moving the frequently used PKIX1 modules immediately after
  the new 'basic' module(s), and leaving the remaining modules
  in ascending RFC number order.

Opinions?

(5c) names of PKIX1 modules

Notwithstanding the remarks in Section 1.2 on module OIDs, IMHO
the _names_ of the new PKIX1 modules should be changed; having
"1988" in these names simply is very confusing.
s/1988/1992/ ?

[[ to be continued with per-RFC-module comments ]]

Kind regards,
  Alfred Hönes.

--
+------------------------+--------------------------------------------+
| TR-Sys Alfred Hoenes   |  Alfred Hoenes   Dipl.-Math., Dipl.-Phys.  |
| Gerlinger Strasse 12   |  Phone: (+49)7156/9635-0, Fax: -18         |
| D-71254 Ditzingen      |  E-Mail:  ah@TR-Sys.de                     |
+------------------------+--------------------------------------------+

From: "Kenji Urushima"
Date: Thu, 29 Jan 2009 11:52:28 +0900
Subject: Fwd: Invitation to the ETSI 3rd Remote XAdES/CAdES Plugtests
Message-ID: <3F474C6F69A5A241A0001166056444B7454477@sjpexch1.corp.ad.entrust.com>

Folks,

Let me apologize for a brief advertisement.
I would like to bring the following interoperability event
related to RFC 5126 CAdES (CMS Advanced Electronic Signature,
http://tools.ietf.org/html/rfc5126) to your attention.

########

Dear Madam, Dear Sir,

The ETSI Plugtests Service is pleased to invite you to participate in a
new remote XAdES plugtests!

After the success of the first remote plugtest event, ETSI has continued
the development of the supporting Remote Plugtest Portal, which now
offers on-line PKI-related services (Certificates provision, OCSP
server, LDAP and Time-stamp).

The purposes of these new events are:

* To consolidate solutions to already identified interoperability
  issues of CAdES and XAdES.
* To enable participants to assess the level of interoperability of
  CAdES.
* To identify additional issues that should be taken into account in
  future XAdES/CAdES standardization activities.
* To improve the quality of XAdES/CAdES specifications.
* To ease the introduction of XAdES/CAdES signatures, by providing the
  means to solve interoperability problems before widespread
  deployment.

The event will evaluate (X-C)AdES interoperability by focusing on all
the different XAdES forms standardized in ETSI TS 101 903 and ETSI 101
733, including (X-C)AdES-BES, (X-C)AdES-EPES, (X-C)AdES-T, (X-C)AdES-C,
(X-C)AdES-X Type 1, (X-C)AdES-X Type 2, (X-C)AdES-XL and (X-C)AdES-A.

Participants will also be able to generate new test case definitions
and signatures, which will be taken into consideration for extending
the test cases set according to ETSI's discretion.

The registration deadline for the 3rd event is 6th February 2009. We
recommend you to register as soon as possible.

All details about the events, including all the technical information
are available at the following URL:
http://www.etsi.org/plugtests/XAdES2/html/XAdES2.htm
http://xades-portal.etsi.org/pub/XAdES2.shtml

Should you need any further information, please feel free to
contact us at: plugtests@etsi.org

The Plugtests Team

-------------------------------
Please accept our apologies if you receive multiple copies of this
announcement.

#########

Kenji Urushima (kenji.urusima@entrust.com)
Entrust Japan Co., Ltd. http://japan.entrust.com/
ETSI STF-351 http://portal.etsi.org/stfs/STF_HomePages/STF351/STF351.asp

From: Alfred Hönes
To: paul.hoffman@vpnc.org, jimsch@exmsft.com
Cc: ietf-pkix@imc.org, ietf-smime@imc.org
Date: Wed, 28 Jan 2009 20:36:59 +0100 (MEZ)
Subject: Re: New ASN.1 Modules drafts
Message-Id: <200901281937.UAA13854@TR-Sys.de>

Paul & Jim,

as promised quite some time ago, I have started a review of the
New ASN.1 Modules drafts, now that they have arrived at WGLC.

Firstly, I want to thank you for this huge effort and the
'orthogonalization' of the naming style performed, which in part
might not have been possible before this synoptical re-working
of many less coordinated previous efforts.

In order to speed things up and keep message lengths bounded,
I'll report my detailed findings in successive pieces, as soon
as time avails.

(0)

I have derived from the PKIX list discussion that both drafts need
additional language in their 'executive level text' to better
motivate the long-term switch to the new ASN.1, and hence the aim
for Standards Track, which I strongly support.

There would indeed be no reason for Standards Track if the single
benefit of the whole effort only would be "simply a change to the
syntax". It already has been pointed out that the major benefit
is the formatization of a significant amount of syntactical
information that in the 1988 ASN.1 could only be represented
*informally* as ASN.1 comments, or in explanations in the prose
-- most notably the mess with unspecified sets of allowed OIDs and
dependent objects with 'ANY' syntax (e.g. algorithm parameters).

We all need to get acquainted with the 'new ASN.1', but I expect
that the long-term benefits in precision will far outweigh the
necessary one-time effort.

As some kind of 'draft marketing', the benefits of migrating to
the new syntax should be emphasized at first place, in the Abstract
and in the leading paragraph(s) of Section 1, in both drafts.

Below are a few nits and comments for the (almost) common parts
of both drafts. More TBD.

For brevity, I'll denote the two drafts,
draft-ietf-pkix-new-asn1-02 and draft-ietf-smime-new-asn1-02,
by "PKIX draft" and "CMS draft", respectively.

(1) Section 1, paragraphs below the bullets -- typo (both drafts)

The following typo occurs 3x :
- in the two last paragraphs in the PKIX draft, and
- in the penultimate para in the CMS draft.

   s/defintions/definitions/
         ^^         ^^^

(2) Section 1.2.1 (both drafts)

Let's take the authoritarian way.
The figures in the OIDs are not worth of lengthy discussions.
Russ Housley, the maintainer of
   http://www.imc.org/ietf-pkix/pkix-oid.asn
seems to be the canonical trusted 3rd party to do this. :-)

(3) PKIX-CommonTypes module ( PKIX draft, Section 2 )

(Linear walk-through)

(3a) typo

   -- ATTRIBUTE
   --
|  -- Describe the set of data assoicate with an attribute of some type.
---                               ^^^^^^
   -- ATTRIBUTE
   --
|  -- Describe the set of data associated with an attribute of some type.
                                  ^^^^^^^

(3b) punctuation

Better use a semicolon -- full sentence follows:

                                                         v
|  -- &Type is the ASN.1 type structure for the attribute, not all
   -- attributes have a data struture, so this field is optional
---                                                      v
|  -- &Type is the ASN.1 type structure for the attribute; not all
   -- attributes have a data struture, so this field is optional

(3c) typo

                                 v
|  -- &minCount contains the mininum number of time the attribute can
   -- occur in an AttributeSet
---                              v
|  -- &minCount contains the minimum number of time the attribute can
   -- occur in an AttributeSet

(3d) typo

                                        vv
|  -- Currently we are using two differen prefixes for attributes.
---                                     vvv
|  -- Currently we are using two different prefixes for attributes.

(3e) ref.?

   -- MATCHING-RULE is imported from InformationFramework.asn

For completeness: Can you give a reference?
[ Sorry, shame on me: I did not arrive yet at studying the
  complete X.68* document set. :-) ]

(3f) word shuffling?

|  -- MATCHING-RULE information object class specification

Too many nouns in sequence; semantics depend on how you set the
imaginary brackets.
Is this a better, less ambiguous alternative? :

|  -- specification of MATCHING-RULE information object class

(3g) AttributeSet vs. SingleAttribute

The formal parameter is a placeholder, isn't it?
Because it plays the same role in both cases, wouldn't it be
reasonable to reuse 'Attrs' for SingleAttribute (in favor of
'AttributeSet') ?
Alternatively, in both cases 'AttributeSet' might be used, in
a similar manner as the draft does for Extensions (subsequently).
IMO, using the long version specifically for SingleAttribute might
be confusing for human readers (mixing up the different meta levels).

(3h) EXTENSION -- word omission

                                   v
   -- This class definition is used describe the association of
   -- object identifier and ASN.1 type structure for extensions
---                                vvvv
   -- This class definition is used to describe the association of
   -- object identifier and ASN.1 type structure for extensions

(3i) EXTENSION ff. -- need more info

The intent of the commented-out &Critical needs to be explained.
Is this a proposal to be judged/evaluated by the WG?

(3j) Security Category -- use of case

I suggest to always use uppercase "RFC" in favor of mixing it
with lowercase "rfc". Hence, please change:

   -- Security categories are used both for specifing clearances and for
|  -- labeling objects. We move this here from rfc 3281 so that they
   -- will use a common single object class to express this information.
---
   -- Security categories are used both for specifing clearances and for
|  -- labeling objects. We move this here from RFC 3281 so that they
   -- will use a common single object class to express this information.

(4) AlgorithmInformation Module(s)

It turns out that Section 3 of the PKIX draft and Section 2 of the
CMS draft are identical. I did not find a statement clearly
announcing this important fact.
This is a poor service level for potential readers.

Concern: Duplicated specification incurs danger of divergence
         and duplicated maintenance efforts in the future;
Benefit: Better readability / self-containment of both drafts.
However: PKIX-CommonTypes module is only in the PKIX draft!

Possible ways to deal with:

a) Leave module in both drafts; add statement to first paragraph
   (intro) of the abovementioned sections clearly stating the
   duplication.

b) Leave module in both drafts, but declare the copy in the PKIX
   draft as normative and the copy in the CMS draft as
   non-normative; adjust wording in to first paragraph (intro) of
   the abovementioned sections of both drafts to clearly indicate
   the duplication and the role of the sections; also update the
   final part of Section 1 accordingly, in both drafts.

c) Only keep this module in the PKIX draft; change language in
   CMS draft, end of Section 1, accordingly.

d) Move both 'fundamental' modules to a third draft.

Opinions?
My personal preference is for c).

[[ to be continued ]]

Kind regards,
  Alfred.

--
+------------------------+--------------------------------------------+
| TR-Sys Alfred Hoenes   |  Alfred Hoenes   Dipl.-Math., Dipl.-Phys.  |
| Gerlinger Strasse 12   |  Phone: (+49)7156/9635-0, Fax: -18         |
| D-71254 Ditzingen      |  E-Mail:  ah@TR-Sys.de                     |
+------------------------+--------------------------------------------+

From: Paul Hoffman
To: "Carl Wallace"
Date: Wed, 28 Jan 2009 09:13:58 -0800
Subject: RE: New modules drafts -- proposed ASN.1 downgrade tutorial
References: <200901271625.RAA12336@TR-Sys.de>

At 9:35 AM -0500 1/28/09, Carl Wallace wrote:
>I volunteer to help write the document.

Thank you! Who wants to help Carl?

> > - I agree with Alfred that it should be a separate document
>> that covers all ASN.1 modules in (at least) the Security Area
>> of the IETF.
>
>Do you have in mind a draft that provides guidance on how to convert 2002
>syntax into equivalent 1988 syntax or a document that includes 88 syntax
>for all security area drafts? The former seems worthwhile, I'm not sure
>about the latter.
Only the former; sorry I wasn't clearer. > > - Future document authors can pick whether they want to do >> their modules in 2002 or 1988 and the WGs can decide if they >> like the decision that the authors made. > >Allowance of 88 syntax may make an "upgrade tutorial" component of the >draft nice too. That would certainly be useful as well. --Paul Hoffman, Director --VPN Consortium Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0SEZWZv050545 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 28 Jan 2009 07:35:33 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n0SEZWpN050543; Wed, 28 Jan 2009 07:35:32 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from scygmxsecs1.cygnacom.com (scygmxsecs1.cygnacom.com [65.242.48.253]) by balder-227.proper.com (8.14.2/8.14.2) with SMTP id n0SEZLZI050509 for ; Wed, 28 Jan 2009 07:35:32 -0700 (MST) (envelope-from CWallace@cygnacom.com) Received: (qmail 16178 invoked from network); 28 Jan 2009 14:35:48 -0000 Received: from CWallace@cygnacom.com by scygmxsecs1.cygnacom.com with EntrustECS-Server-7.4;28 Jan 2009 14:35:48 -0000 Received: from unknown (HELO scygexch1.cygnacom.com) (10.60.50.8) by scygmxsecs1.cygnacom.com with SMTP; 28 Jan 2009 14:35:47 -0000 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-MimeOLE: Produced By Microsoft Exchange V6.5 Subject: RE: New modules drafts -- proposed ASN.1 downgrade tutorial Date: Wed, 28 Jan 2009 09:35:19 -0500 Message-ID: In-Reply-To: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: New modules drafts -- proposed ASN.1 downgrade tutorial Thread-Index: 
AcmAxppGlKJqWvTHTp+ETJLuMDPqMwAjbhRg References: <200901271625.RAA12336@TR-Sys.de> From: "Carl Wallace" To: "Paul Hoffman" , , Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe:

I volunteer to help write the document. A few comments below.

> -----Original Message-----
> From: owner-ietf-smime@mail.imc.org
> [mailto:owner-ietf-smime@mail.imc.org] On Behalf Of Paul Hoffman
> Sent: Tuesday, January 27, 2009 4:23 PM
> To: ietf-pkix@imc.org; ietf-smime@imc.org
> Subject: Re: New modules drafts -- proposed ASN.1 downgrade tutorial
>
>
> In thinking about this a bit more:
>
> - I agree with Alfred that it should be a separate document
> that covers all ASN.1 modules in (at least) the Security Area
> of the IETF.

Do you have in mind a draft that provides guidance on how to convert 2002 syntax into equivalent 1988 syntax or a document that includes 88 syntax for all security area drafts? The former seems worthwhile, I'm not sure about the latter.

> - It is not needed if the eventual PKIX and S/MIME documents
> are Informational RFCs instead of Standards Track.
>
> - Future document authors can pick whether they want to do
> their modules in 2002 or 1988 and the WGs can decide if they
> like the decision that the authors made.

Allowance of 88 syntax may make an "upgrade tutorial" component of the draft nice too.

> Given that, I propose that someone other than Jim and I start
> such a "downgrade tutorial". I volunteer to review it, and
> I'm sure that some of the modules from Jim and my documents
> would be good fodder for examples in the new document.
>
> --Paul Hoffman, Director
> --VPN Consortium
>
>

Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0RLN9A3002892 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 27 Jan 2009 14:23:09 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n0RLN9Dv002891; Tue, 27 Jan 2009 14:23:09 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from [10.20.30.163] (dsl-63-249-108-169.cruzio.com [63.249.108.169]) (authenticated bits=0) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0RLN7bH002878 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 27 Jan 2009 14:23:08 -0700 (MST) (envelope-from paul.hoffman@vpnc.org) Mime-Version: 1.0 Message-Id: In-Reply-To: <200901271625.RAA12336@TR-Sys.de> References: <200901271625.RAA12336@TR-Sys.de> Date: Tue, 27 Jan 2009 13:23:05 -0800 To: ietf-pkix@imc.org, ietf-smime@imc.org From: Paul Hoffman Subject: Re: New modules drafts -- proposed ASN.1 downgrade tutorial Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe:

In thinking about this a bit more:

- I agree with Alfred that it should be a separate document that covers all ASN.1 modules in (at least) the Security Area of the IETF.

- It is not needed if the eventual PKIX and S/MIME documents are Informational RFCs instead of Standards Track.

- Future document authors can pick whether they want to do their modules in 2002 or 1988 and the WGs can decide if they like the decision that the authors made.

Given that, I propose that someone other than Jim and I start such a "downgrade tutorial".
I volunteer to review it, and I'm sure that some of the modules from Jim and my documents would be good fodder for examples in the new document. --Paul Hoffman, Director --VPN Consortium Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0RGRjCv086362 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 27 Jan 2009 09:27:46 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n0RGRjQo086359; Tue, 27 Jan 2009 09:27:45 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from WOTAN.TR-Sys.de (gateway.tr-sys.de [213.178.172.147]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0RGRVuQ086346; Tue, 27 Jan 2009 09:27:43 -0700 (MST) (envelope-from A.Hoenes@tr-sys.de) Received: from ZEUS.TR-Sys.de by w. with ESMTP ($Revision: 1.37.109.26 $/16.3) id AA031413545; Tue, 27 Jan 2009 17:25:46 +0100 Received: (from ah@localhost) by z.TR-Sys.de (8.9.3 (PHNE_25183)/8.7.3) id RAA12336; Tue, 27 Jan 2009 17:25:44 +0100 (MEZ) From: Alfred =?hp-roman8?B?SM5uZXM=?= Message-Id: <200901271625.RAA12336@TR-Sys.de> Subject: Re: New modules drafts -- proposed ASN.1 downgrade tutorial To: ietf-pkix@imc.org, paul.hoffman@vpnc.org Date: Tue, 27 Jan 2009 17:25:44 +0100 (MEZ) Cc: ietf-smime@imc.org X-Mailer: ELM [$Revision: 1.17.214.3 $] Mime-Version: 1.0 Content-Type: text/plain; charset=hp-roman8 Content-Transfer-Encoding: 8bit Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: In his recent message ( http://www.imc.org/ietf-pkix/mail-archive/msg05274.html ) Paul Hoffman wrote: >> It's also easy enough (i.e., hit the delete key a lot) to convert >> from the new syntax to the old syntax. 
Maybe we should have
>> an annex that explains how to do that?
>
> We could certainly add that if that would make the spec more useful
> to people.
>
> --Paul Hoffman, Director
> --VPN Consortium

I fully support that idea of an "ASN.1 Downgrade Tutorial" -- but _not_ as an annex to the current draft(s), as a _standalone_ draft!

Major reasons:

o much more general scope and applicability (e.g., for LTANS et al.);

o otherwise: annex to the PKIX draft, to the CMS + S/MIME draft, or to both? -- needless discussion!

o make it possible to reference that tutorial without being tied to one of the two drafts; readers will certainly appreciate an independent memo with a less intimidating page count!

o not holding off the two "New ASN.1" drafts' progress unduly -- other work in progress already has dependencies on it;

o entirely new memo not infringed with RFC 5378 implementation issue.

BTW: For those folks hoping for a chance of continued availability of 'CCITT' X.208/X.209 'somewhere': Did you ever see an ITU-T Recommendation 'mirror site' ? Please precisely read the ITU-T copyright statements, and please ask your legal advisor before planning to make copies available yourself, or asking other folks to do so ! :-(

Kind regards, Alfred Hönes.

-- +------------------------+--------------------------------------------+ | TR-Sys Alfred Hoenes | Alfred Hoenes Dipl.-Math., Dipl.-Phys.
| | Gerlinger Strasse 12 | Phone: (+49)7156/9635-0, Fax: -18 | | D-71254 Ditzingen | E-Mail: ah@TR-Sys.de | +------------------------+--------------------------------------------+ Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0RFLh5b082579 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 27 Jan 2009 08:21:43 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n0RFLhjn082578; Tue, 27 Jan 2009 08:21:43 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from smtp104.biz.mail.re2.yahoo.com (smtp104.biz.mail.re2.yahoo.com [206.190.52.173]) by balder-227.proper.com (8.14.2/8.14.2) with SMTP id n0RFLV3q082566 for ; Tue, 27 Jan 2009 08:21:42 -0700 (MST) (envelope-from turners@ieca.com) Received: (qmail 33171 invoked from network); 27 Jan 2009 15:21:31 -0000 Received: from unknown (HELO ?192.168.1.2?) 
(turners@96.241.98.100 with plain) by smtp104.biz.mail.re2.yahoo.com with SMTP; 27 Jan 2009 15:21:30 -0000 X-YMail-OSG: 1ysCHigVM1lGaecx2imusUsukZ.7d5lks.sVAwwL3tofn9lFxxp2jZE2qkYgmXhwUBiTEdsmlOKGPbvVdo0c7_aWkMhdqocORnJjmpoISojixfhLQpMc_exIdqo7aVIY14HGuZE8.44CRBmUw_cTk6iXUcIzLtCfK5EnzI9Wz0KEMq2sFbLgmh7JmWGeaDD3_oun.6BOgvYqUeP.WY_AiyGHxJ_k X-Yahoo-Newman-Property: ymail-3 Message-ID: <497F2694.5080508@ieca.com> Date: Tue, 27 Jan 2009 10:21:56 -0500 From: Sean Turner User-Agent: Thunderbird 2.0.0.19 (Windows/20081209) MIME-Version: 1.0 To: Peter Gutmann CC: ietf-smime@imc.org Subject: Re: CMS Questionnaire References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: Peter Gutmann wrote: > Sean Turner writes: > >> Russ and Tim have challenged me to try to advance CMS to Draft Standard >> using the process in BCP 97 to deal with the dependencies that have not >> yet advanced (or aren't advancing). To that end, I've drawn up the >> following questionnaire that I'd like implementers to complete and >> return to me. What we're shooting for is to find two implementations >> that generate messages for each feature, and two implementations that >> process each feature. We don't think it should matter if the same two >> implementations are used in both stages. > > Are you just after straight yes-or-no answers, or are you interested in > metadata as well? By metadata I mean things like "I probably support method > XYZ but since I've never found anything else that does to test against I can't > guarantee that it's correct", or "I've implemented XYZ but since no user has > ever asked for it it's never been tested". It may be useful to get (or at > least I'd be very interested in seeing) data on what's actually being used in > the real world. 
Motivated by the history of RFC 4134, I'd also prefer to be > able to qualify a claim of "I support XYZ" with further details if there's > never been any opportunity to test whether it's actually implemented as > required (in other words to differentiate "I'm pretty sure I support XYZ" vs. > "I definitely support XYZ and have interoperated with others using it"). I'm definitely interested in metadata. spt Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0R3MT0t048596 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 26 Jan 2009 20:22:29 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n0R3MTbB048595; Mon, 26 Jan 2009 20:22:29 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from mailhost.auckland.ac.nz (curly.its.auckland.ac.nz [130.216.12.33]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0R3MIA8048570 for ; Mon, 26 Jan 2009 20:22:29 -0700 (MST) (envelope-from pgut001@cs.auckland.ac.nz) Received: from localhost (localhost.localdomain [127.0.0.1]) by mailhost.auckland.ac.nz (Postfix) with ESMTP id 979D29E347; Tue, 27 Jan 2009 16:22:16 +1300 (NZDT) X-Virus-Scanned: by amavisd-new at mailhost.auckland.ac.nz Received: from mailhost.auckland.ac.nz ([127.0.0.1]) by localhost (curly.its.auckland.ac.nz [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5V4ozRoLrSsy; Tue, 27 Jan 2009 16:22:16 +1300 (NZDT) Received: from iris.cs.auckland.ac.nz (iris.cs.auckland.ac.nz [130.216.33.152]) by mailhost.auckland.ac.nz (Postfix) with ESMTP id 09D9E9E296; Tue, 27 Jan 2009 16:22:11 +1300 (NZDT) Received: from wintermute01.cs.auckland.ac.nz (wintermute01.cs.auckland.ac.nz [130.216.34.38]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate 
requested) by iris.cs.auckland.ac.nz (Postfix) with ESMTP id 752F11AE4003; Tue, 27 Jan 2009 16:22:10 +1300 (NZDT) Received: from pgut001 by wintermute01.cs.auckland.ac.nz with local (Exim 4.63) (envelope-from ) id 1LReWg-0007XA-Df; Tue, 27 Jan 2009 16:22:10 +1300 From: pgut001@cs.auckland.ac.nz (Peter Gutmann) To: ietf-smime@imc.org, turners@ieca.com Subject: Re: CMS Questionnaire In-Reply-To: <497E21AF.7010602@ieca.com> Message-Id: Date: Tue, 27 Jan 2009 16:22:10 +1300 Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: Sean Turner writes: >Russ and Tim have challenged me to try to advance CMS to Draft Standard >using the process in BCP 97 to deal with the dependencies that have not >yet advanced (or aren't advancing). To that end, I've drawn up the >following questionnaire that I'd like implementers to complete and >return to me. What we're shooting for is to find two implementations >that generate messages for each feature, and two implementations that >process each feature. We don't think it should matter if the same two >implementations are used in both stages. Are you just after straight yes-or-no answers, or are you interested in metadata as well? By metadata I mean things like "I probably support method XYZ but since I've never found anything else that does to test against I can't guarantee that it's correct", or "I've implemented XYZ but since no user has ever asked for it it's never been tested". It may be useful to get (or at least I'd be very interested in seeing) data on what's actually being used in the real world. Motivated by the history of RFC 4134, I'd also prefer to be able to qualify a claim of "I support XYZ" with further details if there's never been any opportunity to test whether it's actually implemented as required (in other words to differentiate "I'm pretty sure I support XYZ" vs. "I definitely support XYZ and have interoperated with others using it"). Peter. 
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0QKmWLt035310 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 26 Jan 2009 13:48:32 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n0QKmWeJ035309; Mon, 26 Jan 2009 13:48:32 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from smtp106.biz.mail.re2.yahoo.com (smtp106.biz.mail.re2.yahoo.com [206.190.52.175]) by balder-227.proper.com (8.14.2/8.14.2) with SMTP id n0QKmLiV035298 for ; Mon, 26 Jan 2009 13:48:31 -0700 (MST) (envelope-from turners@ieca.com) Received: (qmail 37268 invoked from network); 26 Jan 2009 20:48:21 -0000 Received: from unknown (HELO ?192.168.1.2?) (turners@71.191.12.61 with plain) by smtp106.biz.mail.re2.yahoo.com with SMTP; 26 Jan 2009 20:48:20 -0000 X-YMail-OSG: xPmTWCYVM1kXoILeZnYyUYgt_4cdKVgYsujHvcqgTytrldZ_e5gRh8V.iKYCr7w9hwsoZsRJDkLR9b82DXUchGTDAunGFqx5nz1Y5CwFUU1w5umwsMkf79sT3nwp8cEZSL6KKldVkO4wzIecM22VAqbjLCvyCTYUMtXSfEuUDAuctkkUQKEqm78asN2e.w-- X-Yahoo-Newman-Property: ymail-3 Message-ID: <497E21AF.7010602@ieca.com> Date: Mon, 26 Jan 2009 15:48:47 -0500 From: Sean Turner User-Agent: Thunderbird 2.0.0.19 (Windows/20081209) MIME-Version: 1.0 To: ietf-smime@imc.org Subject: CMS Questionnaire Content-Type: multipart/mixed; boundary="------------060909090602040808030106" Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: This is a multi-part message in MIME format. 
--------------060909090602040808030106 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Russ and Tim have challenged me to try to advance CMS to Draft Standard using the process in BCP 97 to deal with the dependencies that have not yet advanced (or aren't advancing). To that end, I've drawn up the following questionnaire that I'd like implementers to complete and return to me. What we're shooting for is to find two implementations that generate messages for each feature, and two implementations that process each feature. We don't think it should matter if the same two implementations are used in both stages. Thanks in advance, spt --------------060909090602040808030106 Content-Type: text/plain; name="cms-questionnaire.txt" Content-Transfer-Encoding: base64 Content-Disposition: inline; filename="cms-questionnaire.txt"
--------------060909090602040808030106-- Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0P60iPb036696 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sat, 24 Jan 2009 23:00:44 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n0P60iWC036695; Sat, 24 Jan 2009 23:00:44 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from rv-out-0708.google.com (rv-out-0708.google.com [209.85.198.245]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0P60Xuw036689 for ; Sat,
24 Jan 2009 23:00:44 -0700 (MST) (envelope-from blaker@gmail.com) Received: by rv-out-0708.google.com with SMTP id c5so6259782rvf.34 for ; Sat, 24 Jan 2009 22:00:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:date:message-id:subject :from:to:content-type:content-transfer-encoding; bh=5K2G+l5Ki+ktBe9o8DlACCdSLTZng7hRPubu62ZKvME=; b=h3G7ZeyGmXrIctSPEfVq/+jVcazJCrci0bN9flZVFBZEuB8V3fnnelUFEPa/Fz6CrF MwJ2Tmt9cvIVMBMJm308WdljrDi3k/avGehhfAIAVQE0M0N7j8doBh+1TGUQFvs3ML+s H1rZsXzUQMDrCOeqAUE1rEnei/TzV83L75+zs= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type :content-transfer-encoding; b=vdfMPTH3dlQAWS54K1+tHh8G1hhizwb7GymS9zs/5N4PQcVFsQQaY3hlKZ43P8I9Vj 5U1v55XV77WhADst8ox3XqpYIVHPd0vehNdnxJRg5DWyR33uGha5lg7TkwTrLBTsrOJM +zB3Chp2E+nNdD6cRxzXzeES99Mksgi2Jc9K4= MIME-Version: 1.0 Received: by 10.141.52.5 with SMTP id e5mr1971495rvk.55.1232863233286; Sat, 24 Jan 2009 22:00:33 -0800 (PST) Date: Sat, 24 Jan 2009 22:00:33 -0800 Message-ID: <985966520901242200w1c2d783aybfcac2de8fb6c155@mail.gmail.com> Subject: WG Last Call: draft-ietf-smime-new-asn1-02 From: Blake Ramsdell To: ietf-smime@imc.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: This message initiates an SMIME Working Group Last Call on the document: Title : New ASN.1 Modules for CMS and S/MIME Author(s) : P. Hoffman, J. Schaad Filename : draft-ietf-smime-new-asn1-02.txt Pages : 61 Date : 2009-01-09 The Cryptographic Message Syntax (CMS) format, and many associated formats, are expressed using ASN.1. The current ASN.1 modules conform to the 1988 version of ASN.1. This document updates those ASN.1 modules to conform to the 2002 version of ASN.1. 
There are no bits-on-the-wire changes to any of the formats; this is simply a change to the syntax. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-smime-new-asn1-02.txt The purpose of this WG Last Call is to ensure that the Working Group has achieved consensus that the document is suitable for publication as a Standards Track RFC. Please review the document for both technical and editorial problems. Technical issues should be discussed on this list. Editorial issues may be sent to the document editor. The Last Call period will end on 30 January 2009. Upon completion of the last call, the WG chairs will take action based upon the consensus of the WG. Possible actions include: 1) recommending to the IETF Security Area Directors that the document, after possible editorial or other minor changes, be considered by the IESG for publication as an Informational RFC (which generally involves an IETF-wide Last Call); or 2) requiring that outstanding issues be adequately addressed prior to further action (including, possibly, another WG Last Call). Remember that it is our responsibility as Working Group members to ensure the quality of our documents and of the Internet Standards process. So, please read and comment! 
Blake -- Blake Ramsdell | http://www.blakeramsdell.com Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0O0DITK070578 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 23 Jan 2009 17:13:18 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n0O0DIn5070577; Fri, 23 Jan 2009 17:13:18 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from bosco.isi.edu (bosco.isi.edu [128.9.168.207]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0O0DITw070569 for ; Fri, 23 Jan 2009 17:13:18 -0700 (MST) (envelope-from rfc-editor@rfc-editor.org) Received: by bosco.isi.edu (Postfix, from userid 70) id 2B1731F6DD8; Fri, 23 Jan 2009 16:13:18 -0800 (PST) To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org Subject: RFC 5408 on Identity-Based Encryption Architecture and Supporting Data Structures From: rfc-editor@rfc-editor.org Cc: rfc-editor@rfc-editor.org, ietf-smime@imc.org Message-Id: <20090124001318.2B1731F6DD8@bosco.isi.edu> Date: Fri, 23 Jan 2009 16:13:18 -0800 (PST) Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: A new Request for Comments is now available in online RFC libraries. RFC 5408 Title: Identity-Based Encryption Architecture and Supporting Data Structures Author: G. Appenzeller, L. Martin, M. 
Schertler Status: Informational Date: January 2009 Mailbox: appenz@cs.stanford.edu, martin@voltage.com, mschertler@us.axway.com Pages: 30 Characters: 62160 Updates/Obsoletes/SeeAlso: None I-D Tag: draft-ietf-smime-ibearch-09.txt URL: http://www.rfc-editor.org/rfc/rfc5408.txt This document describes the security architecture required to implement identity-based encryption, a public-key encryption technology that uses a user's identity as a public key. It also defines data structures that can be used to implement the technology. This memo provides information for the Internet community. This document is a product of the S/MIME Mail Security Working Group of the IETF. INFORMATIONAL: This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. This announcement is sent to the IETF-Announce and rfc-dist lists. To subscribe or unsubscribe, see http://www.ietf.org/mailman/listinfo/ietf-announce http://mailman.rfc-editor.org/mailman/listinfo/rfc-dist For searching the RFC series, see http://www.rfc-editor.org/rfcsearch.html. For downloading RFCs, see http://www.rfc-editor.org/rfc.html. Requests for special distribution should be addressed to either the author of the RFC in question, or to rfc-editor@rfc-editor.org. Unless specifically noted otherwise on the RFC itself, all RFCs are for unlimited distribution. 
The RFC Editor Team USC/Information Sciences Institute Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0O09POW070270 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 23 Jan 2009 17:09:25 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n0O09Pk6070269; Fri, 23 Jan 2009 17:09:25 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from bosco.isi.edu (bosco.isi.edu [128.9.168.207]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0O09E3J070259 for ; Fri, 23 Jan 2009 17:09:24 -0700 (MST) (envelope-from rfc-editor@rfc-editor.org) Received: by bosco.isi.edu (Postfix, from userid 70) id F0C061F6DD4; Fri, 23 Jan 2009 16:09:13 -0800 (PST) To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org Subject: RFC 5409 on Using the Boneh-Franklin and Boneh-Boyen Identity-Based Encryption Algorithms with the Cryptographic Message Syntax (CMS) From: rfc-editor@rfc-editor.org Cc: rfc-editor@rfc-editor.org, ietf-smime@imc.org Message-Id: <20090124000913.F0C061F6DD4@bosco.isi.edu> Date: Fri, 23 Jan 2009 16:09:13 -0800 (PST) Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: A new Request for Comments is now available in online RFC libraries. RFC 5409 Title: Using the Boneh-Franklin and Boneh-Boyen Identity-Based Encryption Algorithms with the Cryptographic Message Syntax (CMS) Author: L. Martin, M. 
Schertler Status: Informational Date: January 2009 Mailbox: martin@voltage.com, mschertler@us.axway.com Pages: 13 Characters: 25481 Updates/Obsoletes/SeeAlso: None I-D Tag: draft-ietf-smime-bfibecms-10.txt URL: http://www.rfc-editor.org/rfc/rfc5409.txt This document describes the conventions for using the Boneh-Franklin (BF) and Boneh-Boyen (BB1) identity-based encryption algorithms in the Cryptographic Message Syntax (CMS) to encrypt content-encryption keys. Object identifiers and the convention for encoding a recipient's identity are also defined. This memo provides information for the Internet community. This document is a product of the S/MIME Mail Security Working Group of the IETF. INFORMATIONAL: This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. This announcement is sent to the IETF-Announce and rfc-dist lists. To subscribe or unsubscribe, see http://www.ietf.org/mailman/listinfo/ietf-announce http://mailman.rfc-editor.org/mailman/listinfo/rfc-dist For searching the RFC series, see http://www.rfc-editor.org/rfcsearch.html. For downloading RFCs, see http://www.rfc-editor.org/rfc.html. Requests for special distribution should be addressed to either the author of the RFC in question, or to rfc-editor@rfc-editor.org. Unless specifically noted otherwise on the RFC itself, all RFCs are for unlimited distribution. 
The RFC Editor Team USC/Information Sciences Institute Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0KITuuk030702 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 20 Jan 2009 11:29:56 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n0KITujP030699; Tue, 20 Jan 2009 11:29:56 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from mail.ietf.org (mail.ietf.org [64.170.98.32]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0KITjX9030686 for ; Tue, 20 Jan 2009 11:29:56 -0700 (MST) (envelope-from root@core3.amsl.com) Received: by core3.amsl.com (Postfix, from userid 0) id 39B443A6B39; Tue, 20 Jan 2009 10:30:00 -0800 (PST) From: Internet-Drafts@ietf.org To: i-d-announce@ietf.org Cc: ietf-smime@imc.org Subject: I-D ACTION:draft-ietf-smime-sha2-11.txt Content-Type: Multipart/Mixed; Boundary="NextPart" Mime-Version: 1.0 Message-Id: <20090120183001.39B443A6B39@core3.amsl.com> Date: Tue, 20 Jan 2009 10:30:01 -0800 (PST) Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the S/MIME Mail Security Working Group of the IETF. Title : Using SHA2 Algorithms with Cryptographic Message Syntax Author(s) : S. Turner Filename : draft-ietf-smime-sha2-11.txt Pages : 11 Date : 2009-1-20 This document describes the conventions for using the Secure Hash Algorithm (SHA) message digest algorithms (SHA-224, SHA-256, SHA-384, SHA-512) with the Cryptographic Message Syntax (CMS). 
It also describes the conventions for using these algorithms with CMS and the Digital Signature Algorithm (DSA), Rivest Shamir Adleman (RSA), and Elliptic Curve DSA (ECDSA) signature algorithms. Further, it provides SMIMECapabilities attribute values for each algorithm.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-smime-sha2-11.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft.

--NextPart
Content-Type: Message/External-body; name="draft-ietf-smime-sha2-11.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts"

Content-Type: text/plain
Content-ID: <2009-1-20102252.I-D@ietf.org>

--NextPart--

Message-ID: <496EC4EB.8020004@ieca.com>
Date: Thu, 15 Jan 2009 00:08:59 -0500
From: Sean Turner
To: ietf-smime@imc.org
Subject: [Fwd: Fwd: RFC 5378 and Draft Submissions]

IETF Chair Russ Housley has asked WG chairs to apprise their WGs of the following information.

If you've been following the IETF mailing list, you may be aware of the ongoing discussion about the impact of RFC 5378 on revised draft submissions. Briefly, RFC 5378 requires Contributors to grant a more expansive set of rights than were granted by RFC 3978, and 4748. If you are submitting a document which contains text contributed by others prior to the publication of RFC 5378 you may need to obtain additional rights from the copyright holders of that text in order to contribute under the 5378 terms.

The IESG and the IETF Trustees are working to resolve those issues (see http://trustee.ietf.org/docs/Background-to-Draft-Update-to-IETF-Trust-Legal-Provisions.txt). However, at present I would advise care prior to submitting any draft which contains material derived from an RFC, draft, or mailing list message published prior to November 10, 2008.

Please take any general discussion of RFC 5378 to ietf@ietf.org

spt
[As WG Chair]

PS I copied most of ekr's message.

Date: Wed, 14 Jan 2009 08:55:54 -0800
To: ietf-pkix@imc.org, ietf-smime@imc.org
From: Paul Hoffman
Subject: Re: New modules drafts posted

Since I sent out this message below, we had one group of folks respond with a few small technical changes, but no other comments. In the spirit of forward motion, we would like the chairs of PKIX and S/MIME to put the respective documents into WG Last Call so we can shake out any last comments and put these on standards track.

At 8:52 AM -0800 1/9/09, Paul Hoffman wrote:
>Greetings again. This message should appear after the posting announcements for draft-ietf-pkix-new-asn1-02 and draft-ietf-smime-new-asn1-02 appear. If not, please wait a bit. :-)
>
>Jim and I have major changes to the modules, and we think that our work is now done, modulo bug fixes. To that end, we would *really* like folks on either of these two lists who have ASN.1 compilers that handle the 2002 syntax to review the modules carefully and let both lists know if there are any errors. In addition, we are still open to comments on our choice of style for the new objects in the modules.
>
>If you want to get copies of the modules without tedious copy-and-pasting, get the latest version of a2c from the a2c project (), specifically either or . The modules are in the test/ directory. The makefile in that directory has all of the dependencies needed, although we are happy to have you test your own dependency chain yourself.
>
>At this point, we think that comments to both lists are appropriate, given the shared design between the two drafts and the heavy cross-dependencies between the modules.
>
>--Paul Hoffman, Director
>--VPN Consortium

From: Internet-Drafts@ietf.org
To: i-d-announce@ietf.org
Cc: ietf-smime@imc.org
Subject: I-D Action:draft-ietf-smime-new-asn1-02.txt
Content-Type: Multipart/Mixed; Boundary="NextPart"
Message-Id: <20090109170001.D2A603A6917@core3.amsl.com>
Date: Fri, 9 Jan 2009 09:00:01 -0800 (PST)

--NextPart

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the S/MIME Mail Security Working Group of the IETF.

Title : New ASN.1 Modules for CMS and S/MIME
Author(s) : P. Hoffman, J. Schaad
Filename : draft-ietf-smime-new-asn1-02.txt
Pages : 61
Date : 2009-01-09

The Cryptographic Message Syntax (CMS) format, and many associated formats, are expressed using ASN.1. The current ASN.1 modules conform to the 1988 version of ASN.1. This document updates those ASN.1 modules to conform to the 2002 version of ASN.1. There are no bits-on-the-wire changes to any of the formats; this is simply a change to the syntax.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-smime-new-asn1-02.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft.

--NextPart
Content-Type: Message/External-body; name="draft-ietf-smime-new-asn1-02.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts"

Content-Type: text/plain
Content-ID: <2009-01-09084625.I-D@ietf.org>

--NextPart--

Date: Fri, 9 Jan 2009 08:52:21 -0800
To: ietf-pkix@imc.org, ietf-smime@imc.org
From: Paul Hoffman
Subject: New modules drafts posted

Greetings again. This message should appear after the posting announcements for draft-ietf-pkix-new-asn1-02 and draft-ietf-smime-new-asn1-02 appear. If not, please wait a bit. :-)

Jim and I have major changes to the modules, and we think that our work is now done, modulo bug fixes. To that end, we would *really* like folks on either of these two lists who have ASN.1 compilers that handle the 2002 syntax to review the modules carefully and let both lists know if there are any errors. In addition, we are still open to comments on our choice of style for the new objects in the modules.

If you want to get copies of the modules without tedious copy-and-pasting, get the latest version of a2c from the a2c project (), specifically either or . The modules are in the test/ directory. The makefile in that directory has all of the dependencies needed, although we are happy to have you test your own dependency chain yourself.

At this point, we think that comments to both lists are appropriate, given the shared design between the two drafts and the heavy cross-dependencies between the modules.

--Paul Hoffman, Director
--VPN Consortium

Message-ID: <49677A01.3040402@ieca.com>
Date: Fri, 09 Jan 2009 11:23:29 -0500
From: Sean Turner
To: Paul Hoffman
CC: Tim Polk, Alfred HÎnes, ietf-smime@imc.org
Subject: Re: 3850bis and 3851bis: proposed changes to cryptographic key sizes
References: <200901071116.MAA06692@TR-Sys.de>

Paul Hoffman wrote:
> At 9:13 AM -0500 1/8/09, Tim Polk wrote:
>> Hi Alfred,
>>
>> The lower bound was dropped for a couple of reasons. Practically speaking,
>> any RSA/DSA keys smaller than 1024 bits offer little security.
>> Setting any lower bound
>> seems to imply that there is a significant break point, and I did not want to give
>> that implication. I also thought that implementations might want to set a more
>> aggressive bound (e.g., 768 bits) and leaving off the lower bound might
>> encourage making an explicit choice rather than supporting 512 because it
>> was specified in the table.
>>
>> Perhaps the right thing would be to add one more sentence in each of the
>> security considerations sections.
>>
>> For 3850bis:
>>
>> Note that previous versions of this standard set the lower bound for RSA and DSA key
>> sizes at 512 bits; implementations that support verification of certificates or CRLs
>> generated with weak keys MUST NOT support RSA or DSA keys of less than 512 bits.
>>
>> For 3851bis:
>>
>> Note that previous versions of this standard set the lower bound for RSA and DSA key
>> sizes at 512 bits; implementations that support verification of digital signatures
>> generated with weak keys MUST NOT support RSA or DSA keys of less than 512 bits.
>>
>> Would that address your concern?
>
> I cannot say if it affects Alfred's concern, but I *strongly* object to such a normative change at this late date in the document cycle. Your original logic (don't imply a break point) is still valid. There may be perfectly valid local policy for a site to want to support shorter keys for historical reasons. We have already made it clear what the interoperability issues are, and we have set them based on security in the Internet context. The current wording obviously discourages anything under 1024 bits.

I think I'm with Paul on not including this text. We're giving a pretty darn big hint not to use keys less than 1024, but if they really really need to they ought to be able to without being considered non-compliant.

spt

From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: eric.gray@ericsson.com, pgut001@cs.auckland.ac.nz, tytso@mit.edu
Subject: RE: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate
Cc: cfrg@irtf.org, ietf-pkix@imc.org, ietf-smime@imc.org, saag@ietf.org, tmiller@mitre.org, v.paz@uq.edu.au
In-Reply-To: <941D5DCD8C42014FAF70FB7424686DCF0468D33B@eusrcmw721.eamcs.ericsson.se>
Date: Fri, 09 Jan 2009 15:27:35 +1300

"Eric Gray" writes:

>Since the consumer ultimately pays the price in any case, perhaps a good
>argument can be made for paying a portion of it up front?

And how are you going to convince the consumer of this? They get "free" protection currently with their credit cards, and now they have to pay for it? (In fact there's already been a case of this failing in the past, when banks asked customers to pay a little extra to get their photos put on their credit cards for fraud protection. Went down like a lead zeppelin).

Anything that involves customers having to pay for something that they consider as a right to get for free is going to fail before it even starts. That's actually not as bad as it sounds since it's one of the few hard-and-fast design guidelines for this area, unlike most other things ("this may or may not work, depending on the circumstances").

Peter.

From: "Alfred H\Nnes"
To: tim.polk@nist.gov
Cc: ietf-pkix@imc.org
In-Reply-To: from Tim Polk at Jan "8, 2009 09:13:47" am
Message-Id: <200901081728.SAA09062@TR-Sys.de>
Date: Thu, 8 Jan 2009 18:28:22 +0100 (MEZ)
Subject: Re: 3850bis and 3851bis: proposed changes to cryptographic key sizes

On Thu, 8 Jan 2009 09:13:47 -0500, Tim Polk wrote:

> Hi Alfred,
>
> The lower bound was dropped for a couple of reasons. Practically
> speaking, any RSA/DSA keys smaller than 1024 bits offer little
> security. ...

Agreed. (... I bet by all -- maybe except the majority of lazy users and admins, and a few vendors ... :-) )

> ... Setting any lower bound seems to imply that there is
> a significant break point, and I did not want to give that
> implication.

My primary observation was that removing the break (that more or less explicitly was present in S/MIME v3.1) might be observed by implementers updating their software as indicating the converse.

> I also thought that implementations might want to set a more
> aggressive bound (e.g., 768 bits) and leaving off the lower
> bound might encourage making an explicit choice rather than
> supporting 512 because it was specified in the table.

That conceivably is comprised in the "MAY".

> Perhaps the right thing would be to add one more sentence in each
> of the security considerations sections.
>
> For 3850bis:
>
> Note that previous versions of this standard set the lower bound
> for RSA and DSA key sizes at 512 bits; implementations that support
> verification of certificates or CRLs generated with weak keys MUST
> NOT support RSA or DSA keys of less than 512 bits.
>
> For 3851bis:
>
> Note that previous versions of this standard set the lower bound
> for RSA and DSA key sizes at 512 bits; implementations that support
> verification of digital signatures generated with weak keys MUST
> NOT support RSA or DSA keys of less than 512 bits.
>
> Would that address your concern?

Only marginally. These additions are useful as they contain additional information not present elsewhere. But my major concern was *not* the considerations for *receiving* agents (signature / certificate / CRL *verification*), it was for agents *generating* signatures (cf. the final paragraph quoted below). All arguments w.r.t. installed base, existing certs, filed messages, etc. hold for the verifier case, but they should not entangle the production of new signatures.

Furthermore, despite the iterated parenthetical clause "see Security Considerations" in the quoted requirements sections, I strongly fear that many folks will be tempted to conceive the striking tabular form there as "the message" the memo sends to implementors. If (only) the above explanations (and/or similar text for signature generation) were added to the Security Considerations, then *their* message should be clear -- but it might be overlooked. Furthermore, arguably the tabular forms and the explanations would be inconsistent, with a "MUST NOT" superimposed over the "MAY" in the tabular form. I strongly suspect that this would be perceived as confusing, and at best cause never-ending discussions after the next successfully solved RSA Challenge.

Therefore, I'd prefer having the "MUST NOT" lines for key size < 512 also added to the tabular listing of (at least) the signature generating requirements.

> Thanks,
>
> Tim Polk

One more point:

Based on the still ongoing discussion on rogue certificates, the 3850bis Security Considerations should perhaps also be amended giving a perspective on probable ongoing consequences, for instance raising the awareness of the reader for expected enhancements, e.g. the use of Randomized Hashing. I suggest that the PKIX working group should start working on that topic ASAP, and SMIME should build on such work, with a document amending 3850bis.

> On Jan 7, 2009, at 6:16 AM, Alfred HÎnes wrote:
>
>> Folks,
>>
>> I agree with Paul with regard to the process (new I-D preferable).
>>
>> The AD proposed changes at first glance are intended to make the
>> requirements *stronger* (as far as possible without relying on
>> an official version of FIPS PUB 186-3) without sacrificing
>> backwards compatibility.
>>
>> Therefore, I agree with the amended Security Considerations text,
>> for both 3850bis and 3581bis, and the changes proposed for
>> receiving agent (signature verifier) behavior -- although these
>> now allow small key sizes (< 512) which were not allowed by
>> RFC 3850, and hence this change comes a bit to surprise.
>>
>> However, I really do not understand why, at the 'low end', signature
>> *generating* agents shall now be allowed (via 'MAY') to generate
>> signatures with the even worse key sizes < 512, for both RSA and DSA.
>> Since already S/MIME v3.1 agents had no requirement for being able
>> to verify such signatures, why now adding the capability to produce
>> such signatures ?
>>
>> ...

Kind regards,
Alfred.

--
+------------------------+--------------------------------------------+
| TR-Sys Alfred Hoenes   | Alfred Hoenes Dipl.-Math., Dipl.-Phys.     |
| Gerlinger Strasse 12   | Phone: (+49)7156/9635-0, Fax: -18          |
| D-71254 Ditzingen      | E-Mail: ah@TR-Sys.de                       |
+------------------------+--------------------------------------------+

References: <200901071116.MAA06692@TR-Sys.de>
Date: Thu, 8 Jan 2009 12:00:30 -0800
To: Tim Polk, Alfred HÎnes
From: Paul Hoffman
Subject: Re: 3850bis and 3851bis: proposed changes to cryptographic key sizes
Cc: ietf-smime@imc.org

At 9:13 AM -0500 1/8/09, Tim Polk wrote:
>Hi Alfred,
>
>The lower bound was dropped for a couple of reasons. Practically speaking,
>any RSA/DSA keys smaller than 1024 bits offer little security.
>Setting any lower bound
>seems to imply that there is a significant break point, and I did not want to give
>that implication. I also thought that implementations might want to set a more
>aggressive bound (e.g., 768 bits) and leaving off the lower bound might
>encourage making an explicit choice rather than supporting 512 because it
>was specified in the table.
>
>Perhaps the right thing would be to add one more sentence in each of the
>security considerations sections.
>
>For 3850bis:
>
>Note that previous versions of this standard set the lower bound for RSA and DSA key
>sizes at 512 bits; implementations that support verification of certificates or CRLs
>generated with weak keys MUST NOT support RSA or DSA keys of less than 512 bits.
>
>For 3851bis:
>
>Note that previous versions of this standard set the lower bound for RSA and DSA key
>sizes at 512 bits; implementations that support verification of digital signatures
>generated with weak keys MUST NOT support RSA or DSA keys of less than 512 bits.
>
>Would that address your concern?

I cannot say if it affects Alfred's concern, but I *strongly* object to such a normative change at this late date in the document cycle. Your original logic (don't imply a break point) is still valid. There may be perfectly valid local policy for a site to want to support shorter keys for historical reasons. We have already made it clear what the interoperability issues are, and we have set them based on security in the Internet context. The current wording obviously discourages anything under 1024 bits.

In-Reply-To: <20090108163430.GH20121@mit.edu>
References: <20090108135752.GC20121@mit.edu> <941D5DCD8C42014FAF70FB7424686DCF0468D33B@eusrcmw721.eamcs.ericsson.se> <20090108145058.GE20121@mit.edu> <941D5DCD8C42014FAF70FB7424686DCF0468D3FE@eusrcmw721.eamcs.ericsson.se> <20090108163430.GH20121@mit.edu>
Date: Thu, 8 Jan 2009 10:20:55 -0800
To: cfrg@irtf.org, ietf-smime@imc.org, saag@ietf.org, ietf-pkix@imc.org
From: Paul Hoffman
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogueCAcertificate

Folks: is rehashing the blue-sky discussions of how to create a better trust model for SSL without a stable proposal to look at really a good use of the CFRG, SAAG, S/MIME, and PKIX mailing lists?

If you want to be serious about this, please write an Internet Draft and set up a mailing list for the discussion. Invite people from these lists to join, and maybe announce revisions to your draft. Be sure to invite people from the Mozilla security community: they are having their own (perpetually repeating) discussion of this, again without a stable document to comment on.

We *can* change the security model, but not with the current method of discussion-without-focus.

--Paul Hoffman, Director
--VPN Consortium

Date: Thu, 8 Jan 2009 11:34:30 -0500
From: Theodore Tso
To: Eric Gray
Cc: Peter Gutmann, v.paz@uq.edu.au, cfrg@irtf.org, ietf-smime@imc.org, saag@ietf.org, ietf-pkix@imc.org, tmiller@mitre.org
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogueCAcertificate
Message-ID: <20090108163430.GH20121@mit.edu>
References: <20090108135752.GC20121@mit.edu> <941D5DCD8C42014FAF70FB7424686DCF0468D33B@eusrcmw721.eamcs.ericsson.se> <20090108145058.GE20121@mit.edu> <941D5DCD8C42014FAF70FB7424686DCF0468D3FE@eusrcmw721.eamcs.ericsson.se>
In-Reply-To: <941D5DCD8C42014FAF70FB7424686DCF0468D3FE@eusrcmw721.eamcs.ericsson.se>

On Thu, Jan 08, 2009 at 09:11:21AM -0600, Eric Gray wrote:
> As a result, some organizations already pay for news-feeds
> from known (verifiably) reliable sources. Because on-line news is
> also valuable because it's quickly delivered. No matter how you
> get it, it's not necessarily free.

Some do; some of us even subscribe to dead-tree versions of the newspapers even though we do most of our reading on-line, on the general theory that it's good public policy to support the Fourth Estate (since they serve a critical function keeping the government honest), even though we do most of our news reading online. The problem is very few people are willing to pay for on-line news when they can get the New York Times at http://www.nytimes.com (and many other news sources) for free.

> As the Heinlein acronym "TANSTAAFL" says, there ain't no
> such thing as a free lunch. And I suspect that an increasingly
> large number of people are coming to really understand that.

Yes, but there are a huge number of people who are used to receiving a lot of these services either for free, or bundled into prices (which have gotten cheaper as a result of e-commerce).
This is basically the classic Tragedy of the Commons problem; how many people can *honestly* say that they've never gone to Best Buy or Circuit City to examine some device or gadget in person, and then gone on to buy it on-line because it was cheaper? And did so even though it should be *obvious* that the TANSTAAFL principle applied, and would in the long-run lead to the weakening or disappearance of the bricks-and-mortar stores?

- Ted

From: Tim Polk
Subject: Re: 3850bis and 3851bis: proposed changes to cryptographic key sizes
Date: Thu, 8 Jan 2009 09:13:47 -0500
To: Alfred Hoenes
Cc: ietf-smime@imc.org
In-Reply-To: <200901071116.MAA06692@TR-Sys.de>

Hi Alfred,

The lower bound was dropped for a couple of reasons. Practically speaking, any RSA/DSA keys smaller than 1024 bits offer little security. Setting any lower bound seems to imply that there is a significant break point, and I did not want to give that implication. I also thought that implementations might want to set a more aggressive bound (e.g., 768 bits) and leaving off the lower bound might encourage making an explicit choice rather than supporting 512 because it was specified in the table.

Perhaps the right thing would be to add one more sentence in each of the security considerations sections.

For 3850bis:

Note that previous versions of this standard set the lower bound for RSA and DSA key sizes at 512 bits; implementations that support verification of certificates or CRLs generated with weak keys MUST NOT support RSA or DSA keys of less than 512 bits.

For 3851bis:

Note that previous versions of this standard set the lower bound for RSA and DSA key sizes at 512 bits; implementations that support verification of digital signatures generated with weak keys MUST NOT support RSA or DSA keys of less than 512 bits.

Would that address your concern?

Thanks,

Tim Polk

On Jan 7, 2009, at 6:16 AM, Alfred Hoenes wrote:

> Folks,
>
> I agree with Paul with regard to the process (new I-D preferable).
>
> The AD proposed changes at first glance are intended to make the
> requirements *stronger* (as far as possible without relying on
> an official version of FIPS PUB 186-3) without sacrificing
> backwards compatibility.
>
> Therefore, I agree with the amended Security Considerations text,
> for both 3850bis and 3581 bis, and the changes proposed for
> receiving agent (signature verifier) behavior -- although these
> now allow small key sizes (< 512) which were not allowed by
> RFC 3850, and hence this change comes a bit to surprise.
>
> However, I really do not understand why, at the 'low end', signature
> *generating* agents shall now be allowed (via 'MAY') to generate
> signatures with the even worse key sizes < 512, for both RSA and DSA.
> Since already S/MIME v3.1 agents had no requirement for being able
> to verify such signatures, why now adding the capability to produce
> such signatures ?
>
>
> Finally, nits for 3851bis, in (1) / Section 4.2 :
>
> - I suggest s!generated!generating!
>
> - Also, for alignment with (2) / Section 4.3,
>   it might be preferable to use plural:
>
>   s!an S/MIME agent!S/MIME agents!
>
>
> Kind regards,
> Alfred.
>
> --
>
> +------------------------+--------------------------------------------+
> | TR-Sys Alfred Hoenes   | Alfred Hoenes Dipl.-Math., Dipl.-Phys.     |
> | Gerlinger Strasse 12   | Phone: (+49)7156/9635-0, Fax: -18          |
> | D-71254 Ditzingen      | E-Mail: ah@TR-Sys.de                       |
> +------------------------+--------------------------------------------+
>

Date: Thu, 8 Jan 2009 09:50:58 -0500
From: Theodore Tso
To: Eric Gray
Cc: Peter Gutmann, v.paz@uq.edu.au, cfrg@irtf.org, ietf-smime@imc.org, saag@ietf.org, ietf-pkix@imc.org, tmiller@mitre.org
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate
Message-ID: <20090108145058.GE20121@mit.edu>
In-Reply-To: <941D5DCD8C42014FAF70FB7424686DCF0468D33B@eusrcmw721.eamcs.ericsson.se>

On Thu, Jan 08, 2009 at 08:16:33AM -0600, Eric Gray wrote:
> The notion of merchants and bankers "bearing the burden" is a
> great fiction - at least if you're considering them as a group. In
> individual cases, individual merchants/bankers will absorb losses,
> but either that means they go out of business (which we see
> sometimes) or they survive to defray their losses by charging
> consumers more for their products and services.

I didn't say it was a good way to run a railroad --- just as having more and more people read their news on-line for free, while reporters are paid via a business model that depends on rapidly diminishing advertising revenues for print and on-line banner ads, plus the vanishingly small number of people willing to pay for dead-tree versions of newspapers is a great way of running things. But the problem is very similar; if at least in the US, consumers are used to a model where they only pay for the costs of fraud via a surcharge which is hidden in the cost of the on-line merchant's prices, how do you convince them that it is worthwhile to pay for a trust certification service? Especially given that a merchant is still going to have to pay the 3% credit card fee to the credit card companies, which ends up showing up in the price of goods and/or services?

> Since the consumer ultimately pays the price in any case,
> perhaps a good argument can be made for paying a portion of it up
> front?

From a public policy POV, perhaps. How you actually convince the consumers, merchants, credit card companies, and the rest of the system to transition from the current scheme to this new scheme is much more difficult than writing an RFC, alas.
(And as we all know, writing and publishing an RFC is no guarantee that the market will listen to us.)

- Ted

Date: Thu, 8 Jan 2009 08:20:59 -0600
From: "Timothy J. Miller"
To: Jeffrey Hutzelman
CC: Peter Gutmann, "v.paz@uq.edu.au", "cfrg@irtf.org", "ietf-pkix@imc.org", "ietf-smime@imc.org", "saag@ietf.org"
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate
Message-ID: <49660BCB.8000809@mitre.org>

Jeffrey Hutzelman wrote:
> Note that charging a fee for this service is not absurd. Lots of people
> (consumers) pay fees for up-to-date lists of virus signatures, phishing
> sites, spam-blocking rules, and so on.

Actually, most consumers keep these up-to-date only as long as the free trial period given to them when they bought the computer lasts, and then cease to care. The core business for these companies is business contracts.

-- Tim

Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

Date: Thu, 08 Jan 2009 09:08:22 -0500
From: Jeffrey Hutzelman
To: Peter Gutmann, v.paz@uq.edu.au
cc: cfrg@irtf.org, ietf-pkix@imc.org, ietf-smime@imc.org, saag@ietf.org, tmiller@mitre.org, jhutz@cmu.edu
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate
Message-ID: <34201D87D99D2E7BF3467C9A@minbar.fac.cs.cmu.edu>

--On Friday, January 09, 2009 02:17:44 AM +1300 Peter Gutmann wrote:

> Jeffrey Hutzelman writes:
>
>> Note that charging a fee for this service is not absurd. Lots of people
>> (consumers) pay fees for up-to-date lists of virus signatures, phishing
>> sites, spam-blocking rules, and so on.
>
> Conceptually it's not absurd, but how are you going to persuade a
> billion-odd users that they need to pay for something that they've been
> conditioned to get for free? Will you promise to indemnify them against
> identity theft (via phishing) if they sign up to your service? What
> value-add will you offer that will convince the drool-and-click masses to
> pay for your service?

Convince the insurance companies to give discounts on "identity theft" insurance (yes, this product exists and is pretty common; it covers the costs of tracking down and fixing the results of fraud that, under the present system, are borne _not_ by the banks or merchants but by the individual who was impersonated).

Convince the security software companies to add this service to their bundles. Plenty of people buy that stuff.

Convince the banks to change their rules to make you responsible for unauthorized access if it would have been prevented by such a service and you weren't using one.

-- Jeff

Date: Thu, 8 Jan 2009 08:57:52 -0500
From: Theodore Tso
To: Peter Gutmann
Cc: jhutz@cmu.edu, v.paz@uq.edu.au, tmiller@mitre.org, ietf-pkix@imc.org, ietf-smime@imc.org, cfrg@irtf.org, saag@ietf.org
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate
Message-ID: <20090108135752.GC20121@mit.edu>

On Fri, Jan 09, 2009 at 02:17:44AM +1300, Peter Gutmann wrote:
>
> Conceptually it's not absurd, but how are you going to persuade a
> billion-odd users that they need to pay for something that they've
> been conditioned to get for free? Will you promise to indemnify
> them against identity theft (via phishing) if they sign up to your
> service? What value-add will you offer that will convince the
> drool-and-click masses to pay for your service?

Especially since the market has already come up with a solution that involves the merchants and the credit card companies bearing the burden of most fraud losses...

- Ted

From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: jhutz@cmu.edu, pgut001@cs.auckland.ac.nz, v.paz@uq.edu.au
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate
Cc: cfrg@irtf.org, ietf-pkix@imc.org, ietf-smime@imc.org, saag@ietf.org, tmiller@mitre.org
Date: Fri, 09 Jan 2009 02:17:44 +1300

Jeffrey Hutzelman writes:

>Note that charging a fee for this service is not absurd. Lots of people
>(consumers) pay fees for up-to-date lists of virus signatures, phishing
>sites, spam-blocking rules, and so on.

Conceptually it's not absurd, but how are you going to persuade a billion-odd users that they need to pay for something that they've been conditioned to get for free? Will you promise to indemnify them against identity theft (via phishing) if they sign up to your service? What value-add will you offer that will convince the drool-and-click masses to pay for your service?

Peter.

Date: Thu, 08 Jan 2009 07:31:09 -0500
From: Jeffrey Hutzelman
To: Peter Gutmann, v.paz@uq.edu.au
cc: cfrg@irtf.org, ietf-pkix@imc.org, ietf-smime@imc.org, saag@ietf.org, tmiller@mitre.org, jhutz@cmu.edu
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate

--On Thursday, January 08, 2009 08:23:55 PM +1300 Peter Gutmann wrote:

> Jeffrey Hutzelman writes:
>
>> Perhaps a solution to this is a new model.
>
> A good start...
>
>> which for a fee provides
>
> ... and it just failed right there.

Perhaps, but it's fairly well essential. That fee is the basis for the trust anchor provider's contractual obligation to the end user. Drop that, and the whole thing falls apart.

Note that charging a fee for this service is not absurd. Lots of people (consumers) pay fees for up-to-date lists of virus signatures, phishing sites, spam-blocking rules, and so on.

-- Jeff

From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: jhutz@cmu.edu, pgut001@cs.auckland.ac.nz, v.paz@uq.edu.au
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate
Cc: cfrg@irtf.org, ietf-pkix@imc.org, ietf-smime@imc.org, saag@ietf.org, tmiller@mitre.org
In-Reply-To: <2125BB6F6871041891AD145D@atlantis.pc.cs.cmu.edu>
Date: Thu, 08 Jan 2009 20:23:55 +1300

Jeffrey Hutzelman writes:

>Perhaps a solution to this is a new model.

A good start...

>which for a fee provides

... and it just failed right there.

Peter :-).

From: "Liaquat Khan"
To: "'Jeffrey Hutzelman'", "'Peter Gutmann'"
Subject: RE: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate
Date: Thu, 8 Jan 2009 10:35:31 +0400
Message-ID: <5FAA73B18D1A43E088BFE298631450BB@ASCUK001>
In-Reply-To: <2125BB6F6871041891AD145D@atlantis.pc.cs.cmu.edu>

Jeff, what you describe is similar to the concept of a "validation authority", which has been around for a while. A VA service has a contractual relationship with RPs, and is responsible for responding on trustworthiness of certificates (and/or signatures). XKMS/SCVP/DSS protocols support this concept.

There is at least one commercial entity (our partner DNV), which is offering such a service currently: http://www.dnv.com/services/verification/vas/index.asp

Importantly in addition to validating the trustworthiness of the certificate, DNV also offer a security quality rating for the certificate (based on the CA's audited policy/practices, hash and public key algorithms used and key lengths etc.). Such a quality rating service is important in examples like this where a certificate is trusted because it chains to a trust anchor, but is not considered acceptable because it fails a minimum quality rating required by the RP.

However although Ascertia offers products which interface with Validation Authority service providers, the standard browser is not yet capable of this and is unlikely to be for some time.

Regards,
LK

-----Original Message-----
From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Jeffrey Hutzelman
Sent: 08 January 2009 09:45
To: Peter Gutmann; v.paz@uq.edu.au
Cc: tmiller@mitre.org; ietf-pkix@imc.org; ietf-smime@imc.org; cfrg@irtf.org; saag@ietf.org; jhutz@cmu.edu
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate

--On Thursday, January 08, 2009 05:21:22 PM +1300 Peter Gutmann wrote:

> Even then it's a rather indirect approach that doesn't really target the
> guilty party since you're scaring the user who is supposed to exert
> pressure on the site which is then supposed to pressure the CA for a fix.

This cuts to the root of the problem: there are no contractual relations between a relying party and the certificate authorities upon whom he relies. As a result, there is no incentive for certificate authorities to adopt practices which benefit the relying party. Instead, the incentive is to adopt practices which benefit the CA and its customers, which are the parties to whom it issues certificates (but _not_ the parties to whom only other CA's issue certificates).

Perhaps a solution to this is a new model. Under the new model, each relying party who chooses to participate would punt the trust anchors that come with his or her browser or other software, and instead subscribe to a trust anchor service, which for a fee provides a regularly-maintained list of trust anchors, or perhaps a single trust anchor which signs "root" CA certificates and for which a well-maintained OCSP server is provided. Such a trust anchor service would be an obvious candidate for bundling with ISP services or for sale by security software vendors.

The trust anchor service, then, reaches agreements with the various certificate authorities, under which the CA is included in the list of trust anchors in exchange for the CA agreeing to maintain practices which are acceptable to the trust anchor provider.

Note that some browser vendors already do essentially this, except that the CA has no contractual obligation to the browser vendor to meet the criteria for inclusion in the trust anchor list on an ongoing basis, and the browser vendor has no contractual obligation to the users of its product to include only those CA's which meet a suitable set of criteria.

-- Jeff

Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n085jpxo020636 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 7 Jan 2009 22:45:51 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n085joYf020634; Wed, 7 Jan 2009 22:45:50 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from chokecherry.srv.cs.cmu.edu (CHOKECHERRY.SRV.CS.CMU.EDU [128.2.185.41]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n085jcKB020614 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Wed, 7 Jan 2009 22:45:50 -0700 (MST) (envelope-from jhutz@cmu.edu) Received: from 68-246-165-160.pools.spcsdns.net (ATLANTIS-HOME.PC.CS.CMU.EDU [128.2.184.185]) (authenticated bits=0) by chokecherry.srv.cs.cmu.edu (8.13.6/8.13.6) with ESMTP id n085jJwe008311 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 8 Jan 2009 00:45:21 -0500 (EST) Date: Thu, 08 Jan 2009 00:45:19 -0500 From: Jeffrey Hutzelman To: Peter Gutmann , v.paz@uq.edu.au cc: tmiller@mitre.org, ietf-pkix@imc.org, ietf-smime@imc.org, cfrg@irtf.org, saag@ietf.org, jhutz@cmu.edu Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate Message-ID: <2125BB6F6871041891AD145D@atlantis.pc.cs.cmu.edu> In-Reply-To: <200901080421.n084LXid025471@raisinbran.srv.cs.cmu.edu> References:
<200901080421.n084LXid025471@raisinbran.srv.cs.cmu.edu> X-Mailer: Mulberry/4.0.8 (Linux/x86) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Scanned-By: mimedefang-cmuscs on 128.2.185.41 Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe:

--On Thursday, January 08, 2009 05:21:22 PM +1300 Peter Gutmann wrote:

> Even then it's a rather indirect approach that doesn't really target the
> guilty party since you're scaring the user who is supposed to exert
> pressure on the site which is then supposed to pressure the CA for a fix.

This cuts to the root of the problem: there are no contractual relations between a relying party and the certificate authorities upon whom he relies. As a result, there is no incentive for certificate authorities to adopt practices which benefit the relying party. Instead, the incentive is to adopt practices which benefit the CA and its customers, which are the parties to whom it issues certificates (but _not_ the parties to whom only other CA's issue certificates).

Perhaps a solution to this is a new model. Under the new model, each relying party who chooses to participate would punt the trust anchors that come with his or her browser or other software, and instead subscribe to a trust anchor service, which for a fee provides a regularly-maintained list of trust anchors, or perhaps a single trust anchor which signs "root" CA certificates and for which a well-maintained OCSP server is provided. Such a trust anchor service would be an obvious candidate for bundling with ISP services or for sale by security software vendors.

The trust anchor service, then, reaches agreements with the various certificate authorities, under which the CA is included in the list of trust anchors in exchange for the CA agreeing to maintain practices which are acceptable to the trust anchor provider.

Note that some browser vendors already do essentially this, except that the CA has no contractual obligation to the browser vendor to meet the criteria for inclusion in the trust anchor list on an ongoing basis, and the browser vendor has no contractual obligation to the users of its product to include only those CA's which meet a suitable set of criteria.

-- Jeff

Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n084Lf8C017116 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 7 Jan 2009 21:21:41 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n084LfAm017115; Wed, 7 Jan 2009 21:21:41 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from mailhost.auckland.ac.nz (larry.its.auckland.ac.nz [130.216.12.34]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n084LRaq017099; Wed, 7 Jan 2009 21:21:39 -0700 (MST) (envelope-from pgut001@cs.auckland.ac.nz) Received: from localhost (localhost.localdomain [127.0.0.1]) by mailhost.auckland.ac.nz (Postfix) with ESMTP id 9E02319A23; Thu, 8 Jan 2009 17:21:26 +1300 (NZDT) X-Virus-Scanned: by amavisd-new at mailhost.auckland.ac.nz Received: from mailhost.auckland.ac.nz ([127.0.0.1]) by localhost (larry.its.auckland.ac.nz [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FPAH1uc8SBNx; Thu, 8 Jan 2009 17:21:26 +1300 (NZDT) Received: from iris.cs.auckland.ac.nz (iris.cs.auckland.ac.nz [130.216.33.152]) by mailhost.auckland.ac.nz (Postfix) with ESMTP id 987C719A2C; Thu, 8 Jan 2009 17:21:23 +1300 (NZDT) Received: from wintermute01.cs.auckland.ac.nz (wintermute01.cs.auckland.ac.nz [130.216.34.38]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by iris.cs.auckland.ac.nz (Postfix) with
ESMTP id 6D18E1BE4002; Thu, 8 Jan 2009 17:21:22 +1300 (NZDT) Received: from pgut001 by wintermute01.cs.auckland.ac.nz with local (Exim 4.63) (envelope-from ) id 1LKmOY-0001mL-AH; Thu, 08 Jan 2009 17:21:22 +1300 From: pgut001@cs.auckland.ac.nz (Peter Gutmann) To: pgut001@cs.auckland.ac.nz, v.paz@uq.edu.au Subject: RE: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate Cc: cfrg@irtf.org, ietf-pkix@imc.org, ietf-smime@imc.org, saag@ietf.org, tmiller@mitre.org In-Reply-To: <6C62167D152FAD4F91D2D6C8392D1DF005B58E85@UQEXMB1.soe.uq.edu.au> Message-Id: Date: Thu, 08 Jan 2009 17:21:22 +1300 Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe:

"Viviani Paz" writes:

>1- browser vendors strongly encouraging the CA organisations vulnerable to
>this problem (using MD5) to get their act together. I'd like to see the
>browser vendors giving them a cut off timeframe and remove these root certs
>from their trust lists for good.

The problem with this is that it's not going to be so easy to tell who's at fault, the first MD5 cert may not appear until several levels down the food chain so there's no way to tell whether a particular root ends in an MD5 cert. And if you do remove a root because some unrelated party five steps down the food chain uses MD5 I can see lawsuits happening...

>2- meanwhile browser vendors could issue a warning when certificates relying
>on MD5 are in use, this is simpler to be done and shame goes a long way
>sometimes. It doesn't resolve the problem, but sets things in motion.

That one would definitely work, but has the downside of penalising innocent customers of the CA that issued the cert and not the CA that made the mess. You'd have to convince the CA to issue free replacements for this to work, possibly by framing the warning message in terms of the CA using unsafe practices rather than the site itself being insecure.

Even then it's a rather indirect approach that doesn't really target the guilty party since you're scaring the user who is supposed to exert pressure on the site which is then supposed to pressure the CA for a fix.

(This is one of those great all-care-and-no-responsibility situations, the CAs can pretty much screw up as much as they want but there's no real repercussions for anyone because of the collateral damage issue. The debate on the Mozilla forums shows this, there's all manner of knee-jerk reactions possible to make an example of someone convenient but none of them really get to the root of the problem).

Peter.

Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n07BIHXS067536 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 7 Jan 2009 04:18:17 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n07BIHmj067535; Wed, 7 Jan 2009 04:18:17 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from WOTAN.TR-Sys.de (gateway.tr-sys.de [213.178.172.147]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n07BI4Gr067525 for ; Wed, 7 Jan 2009 04:18:16 -0700 (MST) (envelope-from A.Hoenes@tr-sys.de) Received: from ZEUS.TR-Sys.de by w.
with ESMTP ($Revision: 1.37.109.26 $/16.3) id AA211216984; Wed, 7 Jan 2009 12:16:24 +0100 Received: (from ah@localhost) by z.TR-Sys.de (8.9.3 (PHNE_25183)/8.7.3) id MAA06692; Wed, 7 Jan 2009 12:16:22 +0100 (MEZ) From: Alfred =?hp-roman8?B?SM5uZXM=?= Message-Id: <200901071116.MAA06692@TR-Sys.de> Subject: Re: 3850bis and 3851bis: proposed changes to cryptographic key sizes To: tim.polk@nist.gov, ietf-smime@imc.org Date: Wed, 7 Jan 2009 12:16:22 +0100 (MEZ) X-Mailer: ELM [$Revision: 1.17.214.3 $] Mime-Version: 1.0 Content-Type: text/plain; charset=hp-roman8 Content-Transfer-Encoding: 7bit Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe:

Folks,

I agree with Paul with regard to the process (new I-D preferable).

The AD proposed changes at first glance are intended to make the requirements *stronger* (as far as possible without relying on an official version of FIPS PUB 186-3) without sacrificing backwards compatibility.

Therefore, I agree with the amended Security Considerations text, for both 3850bis and 3581 bis, and the changes proposed for receiving agent (signature verifier) behavior -- although these now allow small key sizes (< 512) which were not allowed by RFC 3850, and hence this change comes a bit to surprise.

However, I really do not understand why, at the 'low end', signature *generating* agents shall now be allowed (via 'MAY') to generate signatures with the even worse key sizes < 512, for both RSA and DSA. Since already S/MIME v3.1 agents had no requirement for being able to verify such signatures, why now adding the capability to produce such signatures ?

Finally, nits for 3851bis, in (1) / Section 4.2 :

- I suggest s!generated!generating!

- Also, for alignment with (2) / Section 4.3, it might be preferable to use plural: s!an S/MIME agent!S/MIME agents!

Kind regards,
Alfred.

--

+------------------------+--------------------------------------------+
| TR-Sys Alfred Hoenes   | Alfred Hoenes Dipl.-Math., Dipl.-Phys.     |
| Gerlinger Strasse 12   | Phone: (+49)7156/9635-0, Fax: -18          |
| D-71254 Ditzingen      | E-Mail: ah@TR-Sys.de                       |
+------------------------+--------------------------------------------+

Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n06E91dt004043 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 6 Jan 2009 07:09:01 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n06E918k004041; Tue, 6 Jan 2009 07:09:01 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from smtp-bedford.mitre.org (smtp-bedford.mitre.org [129.83.20.191]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n06E8iNh004015; Tue, 6 Jan 2009 07:08:54 -0700 (MST) (envelope-from tmiller@mitre.org) Received: from smtp-bedford.mitre.org (localhost.localdomain [127.0.0.1]) by smtp-bedford.mitre.org (8.13.1/8.13.1) with ESMTP id n06E8eNx012872; Tue, 6 Jan 2009 09:08:42 -0500 Received: from imchub2.MITRE.ORG (imchub2.mitre.org [129.83.29.74]) by smtp-bedford.mitre.org (8.13.1/8.13.1) with ESMTP id n06E8dZg012792; Tue, 6 Jan 2009 09:08:39 -0500 Received: from [129.83.200.4] (129.83.200.4) by imchub2.MITRE.ORG (129.83.29.74) with Microsoft SMTP Server (TLS) id 8.1.311.2; Tue, 6 Jan 2009 09:08:39 -0500 Message-ID: <496365C7.4040804@mitre.org> Date: Tue, 6 Jan 2009 08:08:07 -0600 From: "Timothy J.
Miller" User-Agent: Thunderbird 2.0.0.19 (Windows/20081209) MIME-Version: 1.0 To: Peter Gutmann CC: "ynir@checkpoint.com" , "cfrg@irtf.org" , "ietf-pkix@imc.org" , "ietf-smime@imc.org" , "mike-list@pobox.com" , "pmhesse@geminisecurity.com" , "rgm-sec@htt-consult.com" , "saag@ietf.org" Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate References: In-Reply-To: Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms000103090206070301000309" Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe:

--------------ms000103090206070301000309 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit

Peter Gutmann wrote:

> "Timothy J. Miller" writes:
>
>> The only reliable way to nuke a trusted cert from Windows is touch management
>> of workstations.
>
> It's worse than that, there is no reliable way to remove trusted certs from
> Windows. See Paul Hoffman's analysis at
> http://www.proper.com/root-cert-problem/.

I've corresponded with Paul about that in the past. Root auto-installation can be disabled, users can be blocked from installing roots in both the machine and user store (requires domain GPO, IIRC), and subjectInfoAccess chasing can be disabled (Vista "feature").

Incomplete answer for general users, yes, but it's there nonetheless. Presumably if you're touch managing workstations for trust anchor removal you can verify that these settings are all in place. :)

The roots that shouldn't be removed are the ones needed to boot (i.e., validate authenticode signatures). That's more than a few in XP.
-- Tim

--------------ms000103090206070301000309 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature

--------------ms000103090206070301000309--

Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n068iKVi085152 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 6 Jan 2009 01:44:20 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n068iKfH085149; Tue, 6 Jan 2009 01:44:20 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from mailhost.auckland.ac.nz (larry.its.auckland.ac.nz [130.216.12.34]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n068i7L1085128; Tue, 6 Jan 2009 01:44:19 -0700 (MST) (envelope-from pgut001@cs.auckland.ac.nz) Received: from localhost (localhost.localdomain [127.0.0.1]) by
mailhost.auckland.ac.nz (Postfix) with ESMTP id 7CAC71A20F; Tue, 6 Jan 2009 21:44:06 +1300 (NZDT) X-Virus-Scanned: by amavisd-new at mailhost.auckland.ac.nz Received: from mailhost.auckland.ac.nz ([127.0.0.1]) by localhost (larry.its.auckland.ac.nz [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wXHL334utc-6; Tue, 6 Jan 2009 21:44:06 +1300 (NZDT) Received: from iris.cs.auckland.ac.nz (iris.cs.auckland.ac.nz [130.216.33.152]) by mailhost.auckland.ac.nz (Postfix) with ESMTP id 057771A202; Tue, 6 Jan 2009 21:44:00 +1300 (NZDT) Received: from wintermute01.cs.auckland.ac.nz (wintermute01.cs.auckland.ac.nz [130.216.34.38]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by iris.cs.auckland.ac.nz (Postfix) with ESMTP id 78D7D1BE4002; Tue, 6 Jan 2009 21:43:56 +1300 (NZDT) Received: from pgut001 by wintermute01.cs.auckland.ac.nz with local (Exim 4.63) (envelope-from ) id 1LK7XY-0004kA-BQ; Tue, 06 Jan 2009 21:43:56 +1300 From: pgut001@cs.auckland.ac.nz (Peter Gutmann) To: tmiller@mitre.org, ynir@checkpoint.com Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate Cc: cfrg@irtf.org, ietf-pkix@imc.org, ietf-smime@imc.org, mike-list@pobox.com, pmhesse@geminisecurity.com, rgm-sec@htt-consult.com, saag@ietf.org In-Reply-To: <49621BD4.1020909@mitre.org> Message-Id: Date: Tue, 06 Jan 2009 21:43:56 +1300 Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe:

"Timothy J. Miller" writes:

>The only reliable way to nuke a trusted cert from Windows is touch management
>of workstations.

It's worse than that, there is no reliable way to remove trusted certs from Windows. See Paul Hoffman's analysis at http://www.proper.com/root-cert-problem/.

Peter.
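Added example, not part of any message in this thread and not code from any list participant: the "Further MD5 breaks" messages turn on two points, that the first MD5-signed certificate may sit several levels below a root, and that the trust anchor's own self-signature is not one of the signatures a relying party verifies. The Python below walks a chain (leaf first, trust anchor last) and reports only the MD5 signatures that path validation would depend on. The certificates, names and the `md5_links` helper are constructed for illustration, and issuer/subject matching is simplified to a byte comparison.

```python
# Added example: every certificate here is constructed; keys and signatures are dummies.
MD5_RSA = bytes.fromhex("2a864886f70d010104")    # OID 1.2.840.113549.1.1.4 md5WithRSAEncryption
SHA1_RSA = bytes.fromhex("2a864886f70d010105")   # OID 1.2.840.113549.1.1.5 sha1WithRSAEncryption
RSA_KEY = bytes.fromhex("2a864886f70d010101")    # OID 1.2.840.113549.1.1.1 rsaEncryption
COMMON_NAME = bytes.fromhex("550403")            # OID 2.5.4.3 commonName

def tlv(tag, body):
    """Encode one DER tag-length-value."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def alg_id(oid):
    return tlv(0x30, tlv(0x06, oid) + tlv(0x05, b""))

def name(cn):
    """Name holding a single commonName attribute."""
    return tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, COMMON_NAME) + tlv(0x13, cn.encode()))))

def make_cert(subject, issuer, sig_oid):
    """Build a structurally valid v1 certificate for the parser below."""
    validity = tlv(0x30, tlv(0x17, b"090101000000Z") + tlv(0x17, b"100101000000Z"))
    spki = tlv(0x30, alg_id(RSA_KEY) + tlv(0x03, b"\x00" + b"\x01" * 8))
    tbs = tlv(0x30, tlv(0x02, b"\x01") + alg_id(sig_oid) + name(issuer)
              + validity + name(subject) + spki)
    return tlv(0x30, tbs + alg_id(sig_oid) + tlv(0x03, b"\x00" * 17))

def children(body):
    """Split a DER value into its (tag, value) members."""
    out, pos = [], 0
    while pos < len(body):
        tag, length = body[pos], body[pos + 1]
        pos += 2
        if length & 0x80:                         # long-form length
            n = length & 0x7F
            length = int.from_bytes(body[pos:pos + n], "big")
            pos += n
        if pos + length > len(body):
            raise ValueError("truncated DER")
        out.append((tag, body[pos:pos + length]))
        pos += length
    return out

def common_name(name_body):
    atv = children(children(name_body)[0][1])[0][1]   # first RDN, first attribute
    return children(atv)[1][1].decode()

def parse_cert(der):
    """Pull issuer, subject and the outer signatureAlgorithm OID out of a certificate."""
    tbs, sig_alg, _sig = (val for _, val in children(children(der)[0][1]))
    fields = children(tbs)
    if fields[0][0] == 0xA0:                      # skip the optional [0] version field
        fields = fields[1:]
    return {"issuer": fields[2][1], "subject": fields[4][1],
            "sig_oid": children(sig_alg)[0][1]}

def md5_links(chain_der):
    """Return (depth, subject CN) for each certificate whose MD5 signature a
    relying party would have to verify when validating this path."""
    certs = [parse_cert(der) for der in chain_der]
    flagged = []
    for depth, cert in enumerate(certs):
        last = depth == len(certs) - 1
        if not last and cert["issuer"] != certs[depth + 1]["subject"]:
            raise ValueError("chain is not in issuer order at depth %d" % depth)
        # The trust anchor is trusted by configuration, so its self-signature
        # is not one of the signatures checked during path validation.
        if last and cert["issuer"] == cert["subject"]:
            continue
        if cert["sig_oid"] == MD5_RSA:
            flagged.append((depth, common_name(cert["subject"])))
    return flagged

ROOT, SUB1, SUB2, LEAF = ("Constructed Root CA", "Constructed Sub CA 1",
                          "Constructed Sub CA 2", "www.example.test")
CHAIN_MD5_BELOW_ROOT = [
    make_cert(LEAF, SUB2, SHA1_RSA),
    make_cert(SUB2, SUB1, MD5_RSA),    # MD5 first appears two levels below the root
    make_cert(SUB1, ROOT, SHA1_RSA),
    make_cert(ROOT, ROOT, MD5_RSA),    # MD5 self-signature on the trust anchor
]
CHAIN_CLEAN = [make_cert(LEAF, SUB1, SHA1_RSA), make_cert(SUB1, ROOT, SHA1_RSA),
               make_cert(ROOT, ROOT, MD5_RSA)]

if __name__ == "__main__":
    print(md5_links(CHAIN_MD5_BELOW_ROOT), md5_links(CHAIN_CLEAN))
```

Nothing about the root certificate itself distinguishes the two chains; only the walk over the intermediates does.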
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n063EnT3069461 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 5 Jan 2009 20:14:49 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n063Enq8069459; Mon, 5 Jan 2009 20:14:49 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from vms046pub.verizon.net (vms046pub.verizon.net [206.46.252.46]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n063EcWn069425; Mon, 5 Jan 2009 20:14:48 -0700 (MST) (envelope-from tim.polk@nist.gov) Received: from [192.168.1.5] ([71.191.34.86]) by vms046.mailsrvcs.net (Sun Java System Messaging Server 6.2-6.01 (built Apr 3 2006)) with ESMTPA id <0KD100JG84ZXL565@vms046.mailsrvcs.net>; Mon, 05 Jan 2009 21:14:21 -0600 (CST) Date: Mon, 05 Jan 2009 22:14:22 -0500 From: Tim Polk Subject: Re: 3850bis and 3851bis: proposed changes to cryptographic key sizes In-reply-to: To: Paul Hoffman Cc: S-MIME / IETF Message-id: MIME-version: 1.0 (Apple Message framework v753.1) X-Mailer: Apple Mail (2.753.1) Content-type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Content-transfer-encoding: 7bit References: Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe:

On Jan 5, 2009, at 5:05 PM, Paul Hoffman wrote:

> At 4:24 PM -0500 1/5/09, Tim Polk wrote:
>> I have had some private discussions with one of the authors
>> (Sean), and we have collaborated on some language that would
>> reflect that discussion. However, I understand that this was a
>> sensitive and somewhat controversial topic on the working group
>> list. I would like the working group to review the proposed RFC
>> Editor Notes for 3850bis and 3851bis, and confirm that these
>> changes are acceptable given the feedback received from the wider
>> Internet community. That is, please consider whether the proposed
>> new text addresses the working group's concerns given that the
>> minimum strength of the mandatory to implements need to be raised.
>
> The new ranges and new text work for me.
>
> What does *not* work for me is this being done as an RFC Editor
> note. It should be done instead as a new draft before IESG
> consideration so the whole IETF community can see the changes. The
> IETF is supposed to be working on transparency, and keeping these
> out of the Internet Draft hurts that effort.

I have to agree, these changes are too substantial to be buried in an RFC Editor Note while it sits in queue. It is a nice format to frame the discussion, though. If the working group is happy, I will ask the editors for new drafts before I request an approval announcement.
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n062uZRp068427 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 5 Jan 2009 19:56:35 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n062uYqX068422; Mon, 5 Jan 2009 19:56:34 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from mx11.bbn.com (mx11.bbn.com [128.33.0.80]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n062uLeo068402; Mon, 5 Jan 2009 19:56:31 -0700 (MST) (envelope-from kent@bbn.com) Received: from dommiel.bbn.com ([192.1.122.15] helo=[10.16.95.209]) by mx11.bbn.com with esmtp (Exim 4.60) (envelope-from ) id 1LK26z-0000cO-DW; Mon, 05 Jan 2009 21:56:09 -0500 Mime-Version: 1.0 Message-Id: In-Reply-To: <496214E9.6010902@mitre.org> References: <495BA5E9.8040305@pobox.com> <1b587cab0901010706j6e8cd2f8pf23345660a4825a5@mail.gmail.com> <495D0100.6000200@links.org> <495D1C0A.2080105@links.org> <496214E9.6010902@mitre.org> Date: Mon, 5 Jan 2009 21:53:15 -0500 To: "Timothy J. Miller" From: Stephen Kent Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate Cc: Ben Laurie , Santosh Chokhani , Paul Hoffman , "cfrg@irtf.org" , "ietf-smime@imc.org" , "saag@ietf.org" , "ietf-pkix@imc.org" , "mike-list@pobox.com" Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe:

At 8:10 AM -0600 1/5/09, Timothy J. Miller wrote:

>Ben Laurie wrote:
>
>>I am not suggesting that we should fix X.509, I am pointing out, in my
>>own roundabout way, that X.509 certs are supposed to have a canonical
>>form. But it seems they do not.
>
>That was last month's major discussion on PKIX. The upshot: there's
>no canonical form other than what's in memory.
>
>-- Tim

Tim,

Your response is an oversimplification, in several respects.

Ben's comment was a bit ill-formed. It's not that certs in general do or do not have a canonical form, but whether a given cert has a canonical representation. If the cert has no extensions, then it does. If it has extensions, then since the top level extension syntax is a SEQUENCE, there the order of extensions in that sequence (when the cert was signed) is definitive. (If that syntax had called for a SET, then DER encoding would impose an order at this level, so use of the SEQUENCE construct here makes life a bit easier.)

The context in which there is some disagreement is whether an extension needs to be DER encoded below the next level, where it is defined as an OCTET string. If one stops at the OCTET string level, then life is easy and an RP can always encode to DER upon receipt (since the base cert format IS known by all RPs and they are technically capable of encoding it in DER). If one interprets X.509 to require DER for the lower levels of the structure of a cert extension, then a problem can arise. It was noted that a non-critical extension (which therefore ought not be rejected out of hand by an RP) might have a syntax unknown to an RP. Thus the RP needs to assume that what it received is DER encoded when computing the signature, as it has no way to recompute the DER.
Steve Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n060xoK3062805 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 5 Jan 2009 17:59:50 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n060xo5h062804; Mon, 5 Jan 2009 17:59:50 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from mail.ietf.org (mail.ietf.org [64.170.98.32]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n060xok7062795 for ; Mon, 5 Jan 2009 17:59:50 -0700 (MST) (envelope-from root@core3.amsl.com) Received: by core3.amsl.com (Postfix, from userid 0) id 0838D3A6825; Mon, 5 Jan 2009 17:00:01 -0800 (PST) From: Internet-Drafts@ietf.org To: i-d-announce@ietf.org Cc: ietf-smime@imc.org Subject: I-D ACTION:draft-ietf-smime-3278bis-05.txt Content-Type: Multipart/Mixed; Boundary="NextPart" Mime-Version: 1.0 Message-Id: <20090106010002.0838D3A6825@core3.amsl.com> Date: Mon, 5 Jan 2009 17:00:02 -0800 (PST) Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the S/MIME Mail Security Working Group of the IETF. Title : Use of Elliptic Curve Cryptography (ECC) Algorithms in Cryptographic Message Syntax (CMS) Author(s) : S. Turner, D. Brown Filename : draft-ietf-smime-3278bis-05.txt Pages : 56 Date : 2009-1-5 This document describes how to use Elliptic Curve Cryptography (ECC) public-key algorithms in the Cryptographic Message Syntax (CMS). The ECC algorithms support the creation of digital signatures and the exchange of keys to encrypt or authenticate content. 
The definition of the algorithm processing is based on the NIST FIPS 186-3 for digital signature, NIST SP800-56A and SEC1 for key agreement, RFC 3370 and RFC 3565 for key wrap and content encryption, NIST FIPS 180-3 for message digest, SEC1 for key derivation, and RFC 2104 and RFC 4231 for message authentication code standards. This document obsoletes RFC 3278.

A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-smime-3278bis-05.txt

Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft.

--NextPart Content-Type: Message/External-body; name="draft-ietf-smime-3278bis-05.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <2009-1-5165634.I-D@ietf.org> --NextPart--

Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n05NJinV058422 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 5 Jan 2009 16:19:44 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n05NJiY3058420; Mon, 5 Jan 2009 16:19:44 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from jackfruit.srv.cs.cmu.edu (JACKFRUIT.SRV.CS.CMU.EDU [128.2.201.16]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n05NJWTk058399 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Mon, 5 Jan 2009 16:19:43 -0700 (MST) (envelope-from jhutz@cmu.edu) Received: from MINBAR.FAC.CS.CMU.EDU (MINBAR.FAC.CS.CMU.EDU [128.2.216.42]) (authenticated bits=0) by jackfruit.srv.cs.cmu.edu (8.13.6/8.13.6) with ESMTP id n05NJOQL025577
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 5 Jan 2009 18:19:25 -0500 (EST) Date: Mon, 05 Jan 2009 18:19:24 -0500 From: Jeffrey Hutzelman To: Philipp Guehring , Santosh Chokhani cc: cfrg@irtf.org, ietf-smime@imc.org, saag@ietf.org, ietf-pkix@imc.org, jhutz@cmu.edu Subject: Re: [saag] Further MD5 breaks: Creating a rogue CA certificate Message-ID: <8000C8B414F892C162CFE699@minbar.fac.cs.cmu.edu> In-Reply-To: <200901050658.n056wm4K021787@toasties.srv.cs.cmu.edu> References: <200812301605.mBUG5cKU027325@raisinbran.srv.cs.cmu.edu> <9535147E88DA266C69B983D0@atlantis.pc.cs.cmu.edu> <9D2E555A-7A24-4FA7-ABF9-33F6F55AA8F2@checkpoint.com> <200901050658.n056wm4K021787@toasties.srv.cs.cmu.edu> X-Mailer: Mulberry/4.0.8 (Linux/x86) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Scanned-By: mimedefang-cmuscs on 128.2.201.16 Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe:

--On Thursday, January 01, 2009 05:01:33 AM +0100 Philipp Guehring wrote:

>> It should be noted, though, that yanking the trust anchors is not
>> enough. You really should change the relying party to not recognize
>> this algorithm. Otherwise, it's perfectly valid for a CA whose
>> certificate is signed with SHA1 to sign an intermediate CA certificate
>> with MD5 (although they usually don't do that, I hope)
>
> I also thought so, but then I realized that if we invalidate MD5
> completely, then we would also invalidate root certificates that are MD5
> self-signed, which isn't a security issue. So that would give lots of
> unnecessary false-positives.

Except that the validation process doesn't actually need to check the signature on a "root certificate", because that signature is not part of the chain.

> I would like to propose the following idea:
>
> We should define a date for expiring MD5 in certificate chains for the
> Internet. I would suggest the 1. June 2009, which is 6 months from now.

Hahahahaha!

If we all agreed, today, that this is the right approach, and the browser vendors all agreed with us, and they all managed to have updated versions available, by, say, next week... It would be after June before anyone even had the new software.

If we're going to propose that browser vendors make a software change, it should not be to remove MD5 support; it should be to allow configuration of which signature algorithms are supported, just as they allow configuration of which TLS ciphersuites are supported.

It certainly should _not_ be to generate a warning every time an MD5 signature is used. All that will do is train users to click away security warnings without reading them, which they are already quite good at.

-- Jeff

Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n05M5TmH055557 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 5 Jan 2009 15:05:29 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n05M5TM3055556; Mon, 5 Jan 2009 15:05:29 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from [10.20.30.158] (sn81.proper.com [75.101.18.81]) (authenticated bits=0) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n05M5QDS055544 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 5 Jan 2009 15:05:27 -0700 (MST) (envelope-from phoffman@imc.org) Mime-Version: 1.0 Message-Id: In-Reply-To: References: Date: Mon, 5 Jan 2009 14:05:24 -0800 To: Tim Polk , S-MIME / IETF From: Paul Hoffman Subject: Re: 3850bis and 3851bis: proposed changes to cryptographic key sizes Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-smime@mail.imc.org Precedence: bulk
List-Archive: List-ID: List-Unsubscribe:

At 4:24 PM -0500 1/5/09, Tim Polk wrote:

>I have had some private discussions with one of the authors (Sean), and we have collaborated on some language that would reflect that discussion. However, I understand that this was a sensitive and somewhat controversial topic on the working group list. I would like the working group to review the proposed RFC Editor Notes for 3850bis and 3851bis, and confirm that these changes are acceptable given the feedback received from the wider Internet community. That is, please consider whether the proposed new text addresses the working group's concerns given that the minimum strength of the mandatory to implements need to be raised.

The new ranges and new text work for me.

What does *not* work for me is this being done as an RFC Editor note. It should be done instead as a new draft before IESG consideration so the whole IETF community can see the changes. The IETF is supposed to be working on transparency, and keeping these out of the Internet Draft hurts that effort.
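The receiving-agent RSA ranges proposed for 3850bis in this thread (the "new ranges" the message above refers to), together with the warn-or-reject rule from the proposed Security Considerations text, applied to the bit length of an RSA key read from DER. This is an added example, not code from the drafts or from any list participant; the function names, the `verify_weak` and `max_bits` policy knobs, the action strings and the constructed sample keys are assumptions, and DSA is left out.

```python
"""Added example: apply the RSA key-size ranges proposed for 3850bis
(certificate and CRL signature verification) to a DER-encoded public key."""

RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1


def read_tlv(buf, pos=0):
    """Parse one DER TLV starting at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form length
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def rsa_modulus_bits(spki):
    """Return the modulus size in bits of an RSA SubjectPublicKeyInfo."""
    tag, body, end = read_tlv(spki)
    if tag != 0x30 or end != len(spki):
        raise ValueError("not a single DER SEQUENCE")
    tag, alg, pos = read_tlv(body)
    if tag != 0x30:
        raise ValueError("missing AlgorithmIdentifier")
    tag, oid, _ = read_tlv(alg)
    if tag != 0x06 or oid != RSA_OID:
        raise ValueError("not an RSA key")
    tag, bitstr, _ = read_tlv(body, pos)
    if tag != 0x03 or bitstr[:1] != b"\x00":
        raise ValueError("bad subjectPublicKey BIT STRING")
    tag, key, _ = read_tlv(bitstr, 1)     # skip the unused-bits byte
    if tag != 0x30:
        raise ValueError("bad RSAPublicKey")
    tag, modulus, _ = read_tlv(key)
    if tag != 0x02:
        raise ValueError("modulus is not an INTEGER")
    return int.from_bytes(modulus, "big").bit_length()


def requirement_level(bits):
    """Receiving-agent level from the proposed NEW ranges for 3850bis."""
    if bits <= 1023:
        return "MAY"
    if bits <= 4096:
        return "MUST"
    return "MAY"


def decide(spki, *, interactive, newly_received, verify_weak=True, max_bits=4096):
    """Return (bits, level, action). verify_weak and max_bits are local
    policy knobs assumed for this example, not terms from the drafts."""
    bits = rsa_modulus_bits(spki)
    level = requirement_level(bits)
    if bits >= 1024:
        action = "accept" if bits <= max_bits else "unsupported"
    elif not verify_weak or not interactive:
        # Servers with no user to warn SHOULD reject weak cryptography.
        action = "reject"
    else:
        # Weak key verified anyway: the user MUST be warned, more strongly
        # for newly received mail than for previously stored mail.
        action = "warn-strong" if newly_received else "warn"
    return bits, level, action


def der_tlv(tag, value):
    """Encode one DER TLV (used only to build the constructed samples)."""
    n = len(value)
    if n < 0x80:
        header = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        header = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + header + value


def der_int(i):
    # A leading zero byte appears exactly when the top bit would be set.
    return der_tlv(0x02, i.to_bytes(i.bit_length() // 8 + 1, "big"))


def sample_spki(bits, oid=RSA_OID):
    """Constructed sample: a modulus of the right length, not a usable key."""
    n = (1 << (bits - 1)) | 1
    key = der_tlv(0x30, der_int(n) + der_int(65537))
    alg = der_tlv(0x30, der_tlv(0x06, oid) + der_tlv(0x05, b""))
    return der_tlv(0x30, alg + der_tlv(0x03, b"\x00" + key))


if __name__ == "__main__":
    for bits, interactive, new in [(512, True, True), (768, False, True),
                                   (1024, True, True), (4096, True, False)]:
        print(decide(sample_spki(bits), interactive=interactive, newly_received=new))
```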
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n05LP2J2054069 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 5 Jan 2009 14:25:03 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n05LP2lC054068; Mon, 5 Jan 2009 14:25:02 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from smtp.nist.gov (rimp2.nist.gov [129.6.16.227]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n05LP0ml054056 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Mon, 5 Jan 2009 14:25:01 -0700 (MST) (envelope-from tim.polk@nist.gov) Received: from [192.168.15.166] (bethany.ncsl.nist.gov [129.6.52.15]) by smtp.nist.gov (8.13.1/8.13.1) with ESMTP id n05LOsIc030165; Mon, 5 Jan 2009 16:24:54 -0500 Mime-Version: 1.0 (Apple Message framework v753.1) Content-Type: text/plain; charset=WINDOWS-1252; delsp=yes; format=flowed Message-Id: Content-Transfer-Encoding: quoted-printable From: Tim Polk Subject: 3850bis and 3851bis: proposed changes to cryptographic key sizes Date: Mon, 5 Jan 2009 16:24:56 -0500 To: S-MIME / IETF X-Mailer: Apple Mail (2.753.1) X-NIST-MailScanner: Found to be clean X-NIST-MailScanner-From: tim.polk@nist.gov Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe:

Folks,

3850bis and 3851bis are tentatively scheduled for discussion on this week's IESG telechat (Thursday, January 8). Those that read the IETF Last Call email or subscribe to the saag or cfrg mailing lists already know that I have concerns about the cryptographic key sizes specified in these documents (especially the mandate to support 512 bit RSA in 3850bis). While the IETF Last Call was largely silent on this issue, the saag and cfrg feedback indicate that the mandatory to implements should not include cryptography weaker than 1024 bit RSA, but that the interoperability concerns should be clearly specified.

I have had some private discussions with one of the authors (Sean), and we have collaborated on some language that would reflect that discussion. However, I understand that this was a sensitive and somewhat controversial topic on the working group list. I would like the working group to review the proposed RFC Editor Notes for 3850bis and 3851bis, and confirm that these changes are acceptable given the feedback received from the wider Internet community. That is, please consider whether the proposed new text addresses the working group's concerns given that the minimum strength of the mandatory to implements need to be raised.

Early feedback would be appreciated!

Thanks,

Tim Polk

--------------------

RFC Editor Note for draft-ietf-smime-3850bis

(1) In Section 4.2., Certificate and CRL Signing Algorithms and Key Sizes, please make the following substitution:

OLD:

The following are the RSA key size requirements for S/MIME receiving agents during certificate and CRL signature verification:

   0 < key size < 512        : MAY (see Section 6)
   512 <= key size <= 4096   : MUST (see Section 6)
   4096 < key size           : MAY (see Section 6)

The following are the DSA key size requirements for S/MIME receiving agents during certificate and CRL signature verification:

   512 <= key size <= 1023   : MAY (see Section 6)
   1024 = key size           : SHOULD- (see Section 6)

NEW:

The following are the RSA key size requirements for S/MIME receiving agents during certificate and CRL signature verification:

   key size <= 1023          : MAY (see Section 6)
   1024 <= key size <= 4096  : MUST (see Section 6)
   4096 < key size           : MAY (see Section 6)

The following are the DSA key size requirements for S/MIME receiving agents during certificate and CRL signature verification:

   key size <= 1023          : MAY (see Section 6)
   1024 = key size           : SHOULD- (see Section 6)

(2) In Section 6 Security Considerations, please make the following substitution:

OLD:

The 4096-bit RSA key size requirement for certificate and CRL verification is larger than the 2048-bit RSA key sizes for message signature generation/verification or message encryption/decryption in [SMIME-MSG] because many Root CAs included in certificate stores have already issued Root certificates with 4096-bit key. The standard that defines comparable key sizes for DSA is not yet available. In particular, [FIPS186-2] without Change Notice 1 allowed DSA key sizes between 512 and 1024 bits and [FIPS186-2] with Change Notice 1 only allowed DSA key sizes of 1024 bits. A revision to support larger key sizes is being developed, and once it is available, implementors ought to support DSA key sizes comparable to the RSA key sizes recommended in this specification.

Today, 512-bit RSA and DSA keys are considered by many experts to be cryptographically insecure.

NEW:

The 4096-bit RSA key size requirement for certificate and CRL verification is larger than the 2048-bit RSA key sizes for message signature generation/verification or message encryption/decryption in [SMIME-MSG] because many Root CAs included in certificate stores have already issued Root certificates with 4096-bit key. The standard that defines comparable key sizes for DSA is not yet available. In particular, [FIPS186-2] without Change Notice 1 allowed DSA key sizes between 512 and 1024 bits and [FIPS186-2] with Change Notice 1 only allowed DSA key sizes of 1024 bits. A revision to support larger key sizes is being developed, and once it is available, implementors ought to support DSA key sizes comparable to the RSA key sizes recommended in this specification. Further, 4096-bit keys are normally only used by Root certificates and not by subordinate CA certificates; thereby, lengthening the Root CA certificate’s validity period.

RSA and DSA keys of less than 1024 bits are now considered by many experts to be cryptographically insecure (due to advances in computing power), and should no longer be used to sign certificates or CRLs. Such keys were previously considered secure, so processing previously received signed and encrypted mail may require processing certificates or CRLs signed with weak keys. Implementations that wish to support previous versions of S/MIME or process old messages need to consider the security risks that result from accepting certificates and CRLs with smaller key sizes (e.g., spoofed certificates) versus the costs of denial of service. If an implementation supports verification of certificates or CRLs generated with RSA and DSA keys of less than 1024 bits, it MUST warn the user. Implementers should consider providing a stronger warning for weak signatures on certificates and CRLs associated with newly received messages than the one provided for certificates and CRLs associated with previously stored messages. Server implementations (e.g., secure mail list servers) where user warnings are not appropriate SHOULD reject messages with weak cryptography.

--- end of RFC Editor Note for draft-ietf-smime-3850bis ---

RFC Editor Note for draft-ietf-smime-3851bis

(1) In Section 4.2 Signature Generation, please make the following substitution:

From:

The following are the requirements for an S/MIME agent generated RSA signatures:

   512 <= key size < 1024    : MAY (see Security Considerations)
   1024 <= key size <= 2048  : SHOULD (see Security Considerations)
   2048 < key size           : MAY (see Security Considerations)

The following are the requirements for an S/MIME agent generated DSA signatures:

   512 <= key size <= 1023   : MAY (see Security Considerations)
   1024 = key size           : SHOULD- (see Security Considerations)

To:

The following are the requirements for an S/MIME agent generated RSA signatures:

   key size <= 1023          : MAY (see Security Considerations)
   1024 <= key size <= 2048  : SHOULD (see Security Considerations)
   2048 < key size           : MAY (see Security Considerations)

The following are the requirements for an S/MIME agent generated DSA signatures:

   key size <= 1023          : MAY (see Security Considerations)
   1024 = key size           : SHOULD- (see Security Considerations)

(2) In Section 4.3 Signature Verification, please make the following substitution:

OLD:

The following are the requirements for S/MIME receiving agents during signature verification of RSA signatures:

   512 <= key size <= 2048   : MUST (see Security Considerations)
   2048 < key size           : MAY (see Security Considerations)

The following are the requirements for S/MIME receiving agents during signature verification of DSA signatures:

   512 <= key size <= 1023   : MAY (see Security Considerations)
   1024 = key size           : SHOULD- (see Security Considerations)

NEW:

The following are the requirements for S/MIME receiving agents during signature verification of RSA signatures:

   key size <= 1023          : MAY (see Security Considerations)
   1024 <= key size <= 2048  : MUST (see Security Considerations)
   2048 < key size           : MAY (see Security Considerations)

The following are the requirements for S/MIME receiving agents during signature verification of DSA signatures:

   key size <= 1023          : MAY (see Security Considerations)
   1024 = key size           : SHOULD- (see Security Considerations)

(3) In Section 6 Security Considerations, please make the following substitution:

OLD:

Today, 512-bit RSA and DSA keys are considered by many experts to be cryptographically insecure.

Using weak cryptography in S/MIME offers little actual security over sending plaintext. However, other features of S/MIME, such as the specification of AES and the ability to announce stronger cryptographic capabilities to parties with whom you communicate, allow senders to create messages that use strong encryption. Using weak cryptography is never recommended unless the only alternative is no cryptography. When feasible, sending and receiving agents SHOULD inform senders and recipients of the relative cryptographic strength of messages.

NEW:

Using weak cryptography in S/MIME offers little actual security over sending plaintext. However, other features of S/MIME, such as the specification of AES and the ability to announce stronger cryptographic capabilities to parties with whom you communicate, allow senders to create messages that use strong encryption. Using weak cryptography is never recommended unless the only alternative is no cryptography.

RSA and DSA keys of less than 1024 bits are now considered by many experts to be cryptographically insecure (due to advances in computing power), and should no longer be used to protect messages. Such keys were previously considered secure, so processing previously received signed and encrypted mail will often result in the use of weak keys. Implementations that wish to support previous versions of S/MIME or process old messages need to consider the security risks that result from smaller key sizes (e.g., spoofed messages) versus the costs of denial of service. If an implementation supports verification of digital signatures generated with RSA and DSA keys of less than 1024 bits, it MUST warn the user. Implementers should consider providing different warnings for newly received messages and previously stored messages. Server implementations (e.g., secure mail list servers) where user warnings are not appropriate SHOULD reject messages with weak signatures.

--- end of RFC Editor Note for draft-ietf-smime-3851bis ---

Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n05IFVK4027133 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 5 Jan 2009 11:15:31 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n05IFV7f027132; Mon, 5 Jan 2009 11:15:31 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from sj-iport-6.cisco.com (sj-iport-6.cisco.com [171.71.176.117]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n05IFT9q027107 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=FAIL); Mon, 5 Jan 2009 11:15:30 -0700 (MST) (envelope-from mcgrew@cisco.com) X-IronPort-AV: E=Sophos;i="4.36,332,1228089600"; d="p7s'?scan'208";a="224066225" Received: from sj-dkim-1.cisco.com ([171.71.179.21]) by sj-iport-6.cisco.com with ESMTP; 05 Jan 2009 18:15:29 +0000 Received: from sj-core-1.cisco.com (sj-core-1.cisco.com [171.71.177.237]) by sj-dkim-1.cisco.com (8.12.11/8.12.11) with ESMTP id n05IFTwg004793; Mon, 5 Jan 2009 10:15:29 -0800 Received: from xbh-sjc-221.amer.cisco.com
(xbh-sjc-221.cisco.com [128.107.191.63]) by sj-core-1.cisco.com (8.13.8/8.13.8) with ESMTP id n05IFTt1024062; Mon, 5 Jan 2009 18:15:29 GMT Received: from xfe-sjc-212.amer.cisco.com ([171.70.151.187]) by xbh-sjc-221.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 5 Jan 2009 10:15:29 -0800 Received: from stealth-10-32-254-212.cisco.com ([10.32.254.212]) by xfe-sjc-212.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 5 Jan 2009 10:15:28 -0800 Cc: ietf-pkix@imc.org, ietf-smime@imc.org, cfrg@irtf.org, saag@ietf.org Message-Id: <5F8E31B0-CD96-4ED1-83FD-883F0AD78657@cisco.com> From: David McGrew To: RJ Atkinson In-Reply-To: Content-Type: multipart/signed; boundary=Apple-Mail-28--530943312; micalg=sha1; protocol="application/pkcs7-signature" Mime-Version: 1.0 (Apple Message framework v929.2) Subject: attacks on keyed-hash constructions [was: Re: [cfrg] Further MD5 breaks: Creating a rogue CA certificate] Date: Mon, 5 Jan 2009 10:15:26 -0800 References: <200812301605.mBUG5cKU027325@raisinbran.srv.cs.cmu.edu> <9535147E88DA266C69B983D0@atlantis.pc.cs.cmu.edu> <200901051006.FAA20784@Sparkle.Rodents-Montreal.ORG> X-Mailer: Apple Mail (2.929.2) X-OriginalArrivalTime: 05 Jan 2009 18:15:28.0611 (UTC) FILETIME=[969C5B30:01C96F61] DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=5059; t=1231179329; x=1232043329; c=relaxed/simple; s=sjdkim1004; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=mcgrew@cisco.com; z=From:=20David=20McGrew=20 |Subject:=20attacks=20on=20keyed-hash=20constructions=20[wa s=3A=20Re=3A=20[cfrg]=20Further=20MD5=20breaks=3A=20Creating =20a=20rogue=20CA=20certificate] |Sender:=20; bh=qPhI4WZyZUZj1QJj+mjGuOCPBHDq0ZmCR0YsJEtfVis=; b=jLe9CpwfbLw6qFZiLttqNAHMr3IckcKvlUyuj0O3RSjvj7W+2q0K8ZOsfm i6/sXhyWMPuxWIseEY7CbLm4+1NyhFHB4TZ6C3+eFDZ0FC/ZJ4VwuHnPi5uv rtI8RjGvfhStRo0a+jdc5Ydow8QC76wKUkpfpqtbas/QDxwbVTXZI=; Authentication-Results: sj-dkim-1; header.From=mcgrew@cisco.com; dkim=pass ( sig from cisco.com/sjdkim1004 
verified; ); Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: --Apple-Mail-28--530943312 Content-Type: text/plain; charset=WINDOWS-1252; format=flowed; delsp=yes Content-Transfer-Encoding: quoted-printable

Hi Ran,

On Jan 5, 2009, at 5:26 AM, RJ Atkinson wrote:

>
> On 5 Jan 2009, at 04:57, der Mouse wrote:
>> What I, as an amateur, take away from it is approximately "MD5 is
>> showing more and more cracks and nobody should use it for anything that
>> needs to withstand a malicious adversary".
>
> Within the CA world, many folks here seem to agree.
>
> However, the usage in CAs is rather different from
> some other modes of operation (e.g. Keyed-Hash, HMAC-Hash).
>
> So far, there are no known attacks on those other modes of operation.
> [If someone knows of a refereed paper that's been published
> on those latter topics, please share a citation here.]

I'm not sure what you mean by keyed-hash, but here are some attacks that might be relevant.

[1] B. Preneel and P. van Oorschot, “MD-x MAC and building fast MACs from hash functions,” Advances in Cryptology – Crypto 95 Proceedings, Lecture Notes in Computer Science Vol. 963, D. Coppersmith ed., Springer-Verlag, 1995.

[2] B. Preneel and P. van Oorschot, “On the security of two MAC algorithms,” Advances in Cryptology – Eurocrypt 96 Proceedings, Lecture Notes in Computer Science Vol. ??, U. Maurer ed., Springer-Verlag, 1996.

RFC 2385 uses the method broken in Section 4.2 of [1].

HMAC seems to be secure given some reasonable assumptions about the hash functions (namely, that the underlying hash has a compression function that is a PRF - no collision resistance is required); see http://eprint.iacr.org/2006/043

>
>
>> These may be the best openly published breaks of MD5 at the moment,
>
> Mind, there are published "serious attacks" [using NIST's words
> from their web site] against SHA-0 and SHA-1 also.
> Timothy Miller seemed to suggest in recent email that perhaps the PKIX WG
> might enhance the CA structure to increase attack resistance in an
> algorithm-independent way.
>
> Now, may I suggest that folks please LOOK AT and possibly
> REDUCE/EDIT the CC line as they reply to this thread going forward.
> Items that are PKIX specific likely belong only on the PKIX
> list. Ditto for SMIME specific issues to the SMIME list.
> That would leave only generic comments for the SAAG list.
>

Done.

David

--Apple-Mail-28--530943312 Content-Disposition: attachment; filename=smime.p7s Content-Type: application/pkcs7-signature; name=smime.p7s Content-Transfer-Encoding: base64

--Apple-Mail-28--530943312--

Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n05EetuG096013 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 5 Jan 2009 07:40:55 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n05EetdR096012; Mon, 5 Jan 2009 07:40:55 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from smtp-bedford.mitre.org (smtp-bedford.mitre.org [129.83.20.191]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n05Eermp096000; Mon, 5 Jan 2009 07:40:53 -0700 (MST) (envelope-from tmiller@mitre.org) Received: from smtp-bedford.mitre.org (localhost.localdomain [127.0.0.1]) by smtp-bedford.mitre.org
(8.13.1/8.13.1) with ESMTP id n05EepRd014015; Mon, 5 Jan 2009 09:40:52 -0500 Received: from imchub1.MITRE.ORG (imchub1.mitre.org [129.83.29.73]) by smtp-bedford.mitre.org (8.13.1/8.13.1) with ESMTP id n05EepET013978; Mon, 5 Jan 2009 09:40:51 -0500 Received: from [129.83.200.3] (129.83.200.3) by imchub1.MITRE.ORG (129.83.29.73) with Microsoft SMTP Server (TLS) id 8.1.311.2; Mon, 5 Jan 2009 09:40:51 -0500 Message-ID: <49621BD4.1020909@mitre.org> Date: Mon, 5 Jan 2009 08:40:20 -0600 From: "Timothy J. Miller" User-Agent: Thunderbird 2.0.0.19 (Windows/20081209) MIME-Version: 1.0 To: Yoav Nir CC: Robert Moskowitz , Peter Hesse , "ietf-pkix@imc.org" , "'Mike'" , "cfrg@irtf.org" , "saag@ietf.org" , "ietf-smime@imc.org" Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate References: <495BA5E9.8040305@pobox.com> <495E3446.4070606@htt-consult.com> <230CAA22-D118-4F29-9DC8-32FDCD7D771E@checkpoint.com> In-Reply-To: <230CAA22-D118-4F29-9DC8-32FDCD7D771E@checkpoint.com> Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms070001040001010905020508" Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: --------------ms070001040001010905020508 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit

Yoav Nir wrote:

>> This sounds great at an IETF mike, but out in the field how do you
>> get all those millions of browsers to pull down a new trust list
>> that will no longer include CA foobar?
>> Can't happen now, and the way things are going, ain't going to
>> happen before 2026 either.
> There's this one company such that if they use Windows update to
> update their browsers, the others will follow. Technically, it's very
> easy to get rid of the bad CAs. However, that company is not going to
> modify their browsers, not now, probably not in the next few years.
I hate to burst your bubble, but there's no automated way to *remove* certs from the MS cert store. You have to script it, and the script can fail any number of different ways. The only reliable way to nuke a trusted cert from Windows is touch management of workstations. -- Tim --------------ms070001040001010905020508 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature
--------------ms070001040001010905020508-- Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n05EBY8q094113 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 5 Jan 2009 07:11:34 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n05EBYMV094111; Mon, 5 Jan 2009 07:11:34 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from smtp-bedford.mitre.org (smtp-bedford.mitre.org [129.83.20.191]) by
balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n05EBMi0094084; Mon, 5 Jan 2009 07:11:32 -0700 (MST) (envelope-from tmiller@mitre.org) Received: from smtp-bedford.mitre.org (localhost.localdomain [127.0.0.1]) by smtp-bedford.mitre.org (8.13.1/8.13.1) with ESMTP id n05EBLrJ024501; Mon, 5 Jan 2009 09:11:21 -0500 Received: from imchub1.MITRE.ORG (imchub1.mitre.org [129.83.29.73]) by smtp-bedford.mitre.org (8.13.1/8.13.1) with ESMTP id n05EBK0m024486; Mon, 5 Jan 2009 09:11:20 -0500 Received: from [129.83.200.3] (129.83.200.3) by imchub1.MITRE.ORG (129.83.29.73) with Microsoft SMTP Server (TLS) id 8.1.311.2; Mon, 5 Jan 2009 09:11:20 -0500 Message-ID: <496214E9.6010902@mitre.org> Date: Mon, 5 Jan 2009 08:10:49 -0600 From: "Timothy J. Miller" User-Agent: Thunderbird 2.0.0.19 (Windows/20081209) MIME-Version: 1.0 To: Ben Laurie CC: Santosh Chokhani , Paul Hoffman , "cfrg@irtf.org" , "ietf-smime@imc.org" , "saag@ietf.org" , "ietf-pkix@imc.org" , "mike-list@pobox.com" Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate References: <495BA5E9.8040305@pobox.com> <1b587cab0901010706j6e8cd2f8pf23345660a4825a5@mail.gmail.com> <495D0100.6000200@links.org> <495D1C0A.2080105@links.org> In-Reply-To: <495D1C0A.2080105@links.org> Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms030202050805090401080206" Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: --------------ms030202050805090401080206 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Ben Laurie wrote: > I am not suggesting that we should fix X.509, I am pointing out, in my > own roundabout way, that X.509 certs are supposed to have a canonical > form. But it seems they do not. That was last month's major discussion on PKIX. The upshot: there's no canonical form other than what's in memory. 
-- Tim --------------ms030202050805090401080206 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature
--------------ms030202050805090401080206-- Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n05DRKP3091711 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 5 Jan 2009 06:27:21 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n05DRKMd091709; Mon, 5 Jan 2009 06:27:20 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from vms044pub.verizon.net (vms044pub.verizon.net [206.46.252.44]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n05DR8ke091693; Mon, 5 Jan 2009 06:27:19 -0700 (MST) (envelope-from rja@extremenetworks.com) Received: from [10.30.20.71] ([70.104.193.39]) by vms044.mailsrvcs.net (Sun Java
System Messaging Server 6.2-6.01 (built Apr 3 2006)) with ESMTPA id <0KD000BYR2OSD332@vms044.mailsrvcs.net>; Mon, 05 Jan 2009 07:26:57 -0600 (CST) Date: Mon, 05 Jan 2009 08:26:52 -0500 From: RJ Atkinson Subject: Re: [saag] Further MD5 breaks: Creating a rogue CA certificate In-reply-to: <200901051006.FAA20784@Sparkle.Rodents-Montreal.ORG> To: der Mouse Cc: "ietf-pkix@imc.org" , "ietf-smime@imc.org" , "cfrg@irtf.org" , "saag@ietf.org" Message-id: MIME-version: 1.0 (Apple Message framework v930.3) X-Mailer: Apple Mail (2.930.3) Content-type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-transfer-encoding: 7bit References: <200812301605.mBUG5cKU027325@raisinbran.srv.cs.cmu.edu> <9535147E88DA266C69B983D0@atlantis.pc.cs.cmu.edu> <200901051006.FAA20784@Sparkle.Rodents-Montreal.ORG> Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: On 5 Jan 2009, at 04:57, der Mouse wrote: > What I, as an amateur, take away from it is approximately "MD5 is > showing more and more cracks and nobody should use it for anything > that > needs to withstand a malicious adversary". Within the CA world, many folks here seem to agree. However, the usage in CAs is rather different from some other modes of operation (e.g. Keyed-Hash, HMAC-Hash). So far, there are no known attacks on those other modes of operation. [If someone knows of a refereed paper that's been published on those latter topics, please share a citation here.] > These may be the best openly published breaks of MD5 at the moment, Mind, there are published "serious attacks" [using NIST's words from their web site] against SHA-0 and SHA-1 also. Timothy Miller seemed to suggest in recent email that perhaps the PKIX WG might enhance the CA structure to increase attack resistance in an algorithm-independent way. Now, may I suggest that folks please LOOK AT and possibly REDUCE/EDIT the CC line as they reply to this thread going forward. 
Items that are PKIX specific likely belong only on the PKIX list. Ditto for SMIME specific issues to the SMIME list. That would leave only generic comments for the SAAG list. Cheers, Ran Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n057kQ1T073939 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 5 Jan 2009 00:46:26 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n057kQqE073938; Mon, 5 Jan 2009 00:46:26 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from dlpdemo.checkpoint.com (dlpdemo.checkpoint.com [194.29.32.54]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n057kOq2073915; Mon, 5 Jan 2009 00:46:24 -0700 (MST) (envelope-from ynir@checkpoint.com) Received: by dlpdemo.checkpoint.com (Postfix, from userid 105) id F169929C002; Mon, 5 Jan 2009 09:46:23 +0200 (IST) Received: from michael.checkpoint.com (michael.checkpoint.com [194.29.32.68]) by dlpdemo.checkpoint.com (Postfix) with ESMTP id 1F4D629C001; Mon, 5 Jan 2009 09:46:23 +0200 (IST) X-CheckPoint: {4961B8EC-10000-88241DC2-7B6} Received: from gilg-7800.ad.checkpoint.com (localhost [127.0.0.1]) by michael.checkpoint.com (8.12.10+Sun/8.12.10) with ESMTP id n057kMfE028615; Mon, 5 Jan 2009 09:46:22 +0200 (IST) Cc: Paul Hoffman , ietf-pkix@imc.org, ietf-smime@imc.org, cfrg@irtf.org, saag@ietf.org Message-Id: From: Yoav Nir To: "B.M.M. 
de Weger" In-Reply-To: <61150136-EAAD-4609-8AAC-22D57372359F@checkpoint.com> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v930.3) Subject: Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate Date: Mon, 5 Jan 2009 09:46:21 +0200 References: <495BA5E9.8040305@pobox.com> <495E3446.4070606@htt-consult.com> <230CAA22-D118-4F29-9DC8-32FDCD7D771E@checkpoint.com> <7DF2365FF07C0E4E89419D65CCC93C9E014149035E31@EXCHANGE11.campus.tue.nl> <61150136-EAAD-4609-8AAC-22D57372359F@checkpoint.com> X-Mailer: Apple Mail (2.930.3) Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: Oh, OK. I got it now. Eek. On Jan 5, 2009, at 9:37 AM, Yoav Nir wrote: > OK. Now I'm a lot confused :-) > > On Jan 5, 2009, at 12:02 AM, Weger, B.M.M. de wrote: > >> Hi Paul, >> >>>>> Just to repeat it one more time: #3 does not prevent the >>> published attack. >>>> >>>> It does if the random fluff is inserted by the CA. The >>> attack depends on their ability to predict the entire TBS part. >>> >>> I may have misunderstood the paper, but I think that changes >>> after the subjectPublicKeyInfo do not affect the attack. >> >> Almost correct. A random looking "collision block" has to be inserted >> somewhere. We chose to insert it in the public key, as that seems >> the most convenient. Somebody else may find another place where >> it can be hidden (maybe in a "subject key identifier" field or >> something, >> I don't know what would be feasible). Everything after the "collision >> block" must be copied bitwise into the twin certificate, and must be >> 'harmless' there. If 'random fluff' is inserted by the CA after the >> "collision block", this 'random fluff' can be copied into the twin >> certificate as well, retaining the collision property, and this >> would indeed be irrelevant to our attack. 
> > If you inserted a random looking collision block in the public key, > how did your signature on the PKCS#10 request verify? > >> >> >>>> Also, I've updated today and all the "bad" CAs with MD5 >>> signatures are still in the TAS. >>> >>> As was pointed out to me earlier: it does not matter if the >>> CA has its cert signed with MD5, only whether that CA *signs* >>> with MD5. RapidSSL, for example, is still signed with MD5 but >>> is now signing with SHA-1. >> >> Correct. > > Sure, but the other authorities that signed with MD5 (no idea if > they've changed their evil ways) are still there. > Email secured by Check Point Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n057bq5u073695 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 5 Jan 2009 00:37:52 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n057bqeH073693; Mon, 5 Jan 2009 00:37:52 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from dlpdemo.checkpoint.com (dlpdemo.checkpoint.com [194.29.32.54]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n057bdmS073671; Mon, 5 Jan 2009 00:37:50 -0700 (MST) (envelope-from ynir@checkpoint.com) Received: by dlpdemo.checkpoint.com (Postfix, from userid 105) id 42E2D29C003; Mon, 5 Jan 2009 09:37:38 +0200 (IST) Received: from michael.checkpoint.com (michael.checkpoint.com [194.29.32.68]) by dlpdemo.checkpoint.com (Postfix) with ESMTP id A8C0129C001; Mon, 5 Jan 2009 09:37:12 +0200 (IST) X-CheckPoint: {4961B6C6-10000-88241DC2-7B6} Received: from shiramnew.ad.checkpoint.com (localhost [127.0.0.1]) by michael.checkpoint.com (8.12.10+Sun/8.12.10) with ESMTP id n057bCfE026492; Mon, 5 Jan 2009 09:37:12 +0200 (IST) Cc: Paul Hoffman , "ietf-pkix@imc.org" , 
"ietf-smime@imc.org" , "cfrg@irtf.org" , "saag@ietf.org" Message-Id: <61150136-EAAD-4609-8AAC-22D57372359F@checkpoint.com> From: Yoav Nir To: "Weger, B.M.M. de" In-Reply-To: <7DF2365FF07C0E4E89419D65CCC93C9E014149035E31@EXCHANGE11.campus.tue.nl> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v930.3) Subject: Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate Date: Mon, 5 Jan 2009 09:37:11 +0200 References: <495BA5E9.8040305@pobox.com> <495E3446.4070606@htt-consult.com> <230CAA22-D118-4F29-9DC8-32FDCD7D771E@checkpoint.com> <7DF2365FF07C0E4E89419D65CCC93C9E014149035E31@EXCHANGE11.campus.tue.nl> X-Mailer: Apple Mail (2.930.3) Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: OK. Now I'm a lot confused :-) On Jan 5, 2009, at 12:02 AM, Weger, B.M.M. de wrote: > Hi Paul, > >>>> Just to repeat it one more time: #3 does not prevent the >> published attack. >>> >>> It does if the random fluff is inserted by the CA. The >> attack depends on their ability to predict the entire TBS part. >> >> I may have misunderstood the paper, but I think that changes >> after the subjectPublicKeyInfo do not affect the attack. > > Almost correct. A random looking "collision block" has to be inserted > somewhere. We chose to insert it in the public key, as that seems > the most convenient. Somebody else may find another place where > it can be hidden (maybe in a "subject key identifier" field or > something, > I don't know what would be feasible). Everything after the "collision > block" must be copied bitwise into the twin certificate, and must be > 'harmless' there. If 'random fluff' is inserted by the CA after the > "collision block", this 'random fluff' can be copied into the twin > certificate as well, retaining the collision property, and this > would indeed be irrelevant to our attack. 
If you inserted a random looking collision block in the public key, how did your signature on the PKCS#10 request verify? > > >>> Also, I've updated today and all the "bad" CAs with MD5 >> signatures are still in the TAS. >> >> As was pointed out to me earlier: it does not matter if the >> CA has its cert signed with MD5, only whether that CA *signs* >> with MD5. RapidSSL, for example, is still signed with MD5 but >> is now signing with SHA-1. > > Correct. Sure, but the other authorities that signed with MD5 (no idea if they've changed their evil ways) are still there. Email secured by Check Point Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n04MYZx6055363 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 4 Jan 2009 15:34:35 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n04MYZ3Q055361; Sun, 4 Jan 2009 15:34:35 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from scygmxsecs1.cygnacom.com (scygmxsecs1.cygnacom.com [65.242.48.253]) by balder-227.proper.com (8.14.2/8.14.2) with SMTP id n04MYNpR055337 for ; Sun, 4 Jan 2009 15:34:33 -0700 (MST) (envelope-from SChokhani@cygnacom.com) Received: (qmail 6928 invoked from network); 4 Jan 2009 22:34:40 -0000 Received: from SChokhani@cygnacom.com by scygmxsecs1.cygnacom.com with EntrustECS-Server-7.4;04 Jan 2009 22:34:40 -0000 Received: from unknown (HELO scygexch1.cygnacom.com) (10.60.50.8) by scygmxsecs1.cygnacom.com with SMTP; 4 Jan 2009 22:34:40 -0000 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-MimeOLE: Produced By Microsoft Exchange V6.5 Subject: RE: [Cfrg] [saag] Further MD5 breaks: Creating a 
rogue CAcertificate Date: Sun, 4 Jan 2009 17:34:21 -0500 Message-ID: In-Reply-To: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate Thread-Index: AclurKoRqf7W7I+NT92pGLSCmb5SbAAD7uUg References: <495BA5E9.8040305@pobox.com> <495E3446.4070606@htt-consult.com><230CAA22-D118-4F29-9DC8-32FDCD7D771E@checkpoint.com> From: "Santosh Chokhani" To: "Paul Hoffman" , "Yoav Nir" Cc: , , , Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: I agree with Paul. Unless the Length of TBD certificate as part of DER is made unpredictable, any values on extensions just go in the tumor. -----Original Message----- From: cfrg-bounces@irtf.org [mailto:cfrg-bounces@irtf.org] On Behalf Of Paul Hoffman Sent: Sunday, January 04, 2009 3:40 PM To: Yoav Nir Cc: ietf-pkix@imc.org; ietf-smime@imc.org; cfrg@irtf.org; saag@ietf.org Subject: Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate At 10:23 PM +0200 1/4/09, Yoav Nir wrote: >On Jan 4, 2009, at 9:11 PM, Paul Hoffman wrote: > >>At 9:02 AM +0200 1/4/09, Yoav Nir wrote: >>>Best we can do is to get the CAs to >>> >>>(1) not issue MD5 certs anymore and >>>(2) randomize the serial number and/or >>>(3) and a random fluff extension that people are talking about >> >>Just to repeat it one more time: #3 does not prevent the published attack. > >It does if the random fluff is inserted by the CA. The attack depends on their ability to predict the entire TBS part. I may have misunderstood the paper, but I think that changes after the subjectPublicKeyInfo do not affect the attack. >>>But still, I don't see Microsoft removing a root CA because one of their sub-CAs is issuing non-compliant certificates. >> >>It is hard to see Microsoft removing or adding CAs. If anyone knows of a public interface (mailing list, web site, whatever) for when this happens, by all means please the world know. 
> >I managed to find a page with their policy on adding new root CAs. Nothing there about removing old root CAs. I'm not talking about the policy: I'm talking about the actual trust anchors themselves. >>>And if Microsoft don't, nobody else will. The Firefox/Opera/Safari/Chrome people don't want any sites that "only work with Explorer". >> >>At least with respect to Firefox, I think that statement is false. > >They've done quite a bit to render broken sites that were made for IE. That is irrelevant for this thread. There are active discussions in the Firefox community about adding and removing trust anchors that are and are not already in the IE trust anchor pile. >Also, I've updated today and all the "bad" CAs with MD5 signatures are still in the TAS. As was pointed out to me earlier: it does not matter if the CA has its cert signed with MD5, only whether that CA *signs* with MD5. RapidSSL, for example, is still signed with MD5 but is now signing with SHA-1. --Paul Hoffman, Director --VPN Consortium _______________________________________________ Cfrg mailing list Cfrg@irtf.org https://www.irtf.org/mailman/listinfo/cfrg Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n04MUS0p055191 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 4 Jan 2009 15:30:28 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n04MUShH055190; Sun, 4 Jan 2009 15:30:28 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from chokecherry.srv.cs.cmu.edu (CHOKECHERRY.SRV.CS.CMU.EDU [128.2.185.41]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n04MUGmm055177 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Sun, 4 Jan 2009 15:30:27 -0700 (MST) (envelope-from 
jhutz@cmu.edu) Received: from [172.16.209.63] (host-66-202-66-11.har.choiceone.net [66.202.66.11]) (authenticated bits=0) by chokecherry.srv.cs.cmu.edu (8.13.6/8.13.6) with ESMTP id n04MTvn9029995 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 4 Jan 2009 17:29:58 -0500 (EST) Date: Sun, 04 Jan 2009 17:29:57 -0500 From: Jeffrey Hutzelman To: Yoav Nir , Paul Hoffman cc: ietf-pkix@imc.org, ietf-smime@imc.org, cfrg@irtf.org, saag@ietf.org, jhutz@cmu.edu Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate Message-ID: <6C182FC59BEE26512261338E@atlantis.pc.cs.cmu.edu> In-Reply-To: <200901042024.n04KOTfE014709@raisinbran.srv.cs.cmu.edu> References: <495BA5E9.8040305@pobox.com> <495E3446.4070606@htt-consult.com> <230CAA22-D118-4F29-9DC8-32FDCD7D771E@checkpoint.com> <200901042024.n04KOTfE014709@raisinbran.srv.cs.cmu.edu> X-Mailer: Mulberry/4.0.8 (Linux/x86) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Scanned-By: mimedefang-cmuscs on 128.2.185.41 Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: --On Sunday, January 04, 2009 10:23:58 PM +0200 Yoav Nir wrote: > On Jan 4, 2009, at 9:11 PM, Paul Hoffman wrote: > >> At 9:02 AM +0200 1/4/09, Yoav Nir wrote: >>> Best we can do is to get the CAs to >>> >>> (1) not issue MD5 certs anymore and >>> (2) randomize the serial number and/or >>> (3) and a random fluff extension that people are talking about >> >> Just to repeat it one more time: #3 does not prevent the published >> attack. > > It does if the random fluff is inserted by the CA. The attack depends on > their ability to predict the entire TBS part. No, it does not. It depends on their ability to predict that portion of the TBS part which occurs prior to the computed collision blocks, which in the real certificate occur in the subject public key modulus. 
The portion of the TBS part which occurs after the collision blocks does not need to be predictable; they just need to be able to copy it as-is, which is done by copying the collision blocks, the rest of the original subject public key modulus, and all of the original certificate's extensions into a netscape comment extension in the forged certificate. >>> And if Microsoft don't, nobody else will. The Firefox/Opera/Safari/ >>> Chrome people don't want any sites that "only work with Explorer". >> >> At least with respect to Firefox, I think that statement is false. > > They've done quite a bit to render broken sites that were made for IE. > Also, I've updated today and all the "bad" CAs with MD5 signatures are > still in the TAS. Again, there is nothing "bad" about CA certificates with MD5 signatures. The signature on a root certificate is not used for anything, and in practice is not an accurate predictor of what algorithms that CA uses to sign certificates. -- Jeffrey T. Hutzelman (N3NHS) Carnegie Mellon University - Pittsburgh, PA Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n04M2SU6054050 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 4 Jan 2009 15:02:28 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n04M2SMe054048; Sun, 4 Jan 2009 15:02:28 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from mailhost.tue.nl (mailhost.tue.nl [131.155.2.19]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n04M2Gu9054027 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 4 Jan 2009 15:02:27 -0700 (MST) (envelope-from b.m.m.d.weger@TUE.nl) Received: from localhost (localhost [127.0.0.1]) by mailhost.tue.nl (Postfix) with ESMTP id
01BC45C005; Sun, 4 Jan 2009 23:02:15 +0100 (CET) X-Virus-Scanned: amavisd-new at tue.nl Received: from mailhost.tue.nl ([131.155.2.19]) by localhost (pastinakel.tue.nl [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rHJqCkviIVtX; Sun, 4 Jan 2009 23:02:14 +0100 (CET) Received: from EXCHANGE5.campus.tue.nl (xserver6.campus.tue.nl [131.155.6.9]) by mailhost.tue.nl (Postfix) with ESMTP id BACDA5C002; Sun, 4 Jan 2009 23:02:14 +0100 (CET) Received: from webmail11.campus.tue.nl ([131.155.6.51]) by EXCHANGE5.campus.tue.nl with Microsoft SMTPSVC(6.0.3790.3959); Sun, 4 Jan 2009 23:02:14 +0100 Received: from EXCHANGE11.campus.tue.nl ([131.155.6.30]) by webmail11.campus.tue.nl ([131.155.6.51]) with mapi; Sun, 4 Jan 2009 23:02:14 +0100 From: "Weger, B.M.M. de" To: Paul Hoffman , Yoav Nir CC: "ietf-pkix@imc.org" , "ietf-smime@imc.org" , "cfrg@irtf.org" , "saag@ietf.org" Date: Sun, 4 Jan 2009 23:02:36 +0100 Subject: RE: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate Thread-Topic: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate Thread-Index: AclurK43+Y7mFmYNToKiFNQb0Pgg2QAChf2w Message-ID: <7DF2365FF07C0E4E89419D65CCC93C9E014149035E31@EXCHANGE11.campus.tue.nl> References: <495BA5E9.8040305@pobox.com> <495E3446.4070606@htt-consult.com> <230CAA22-D118-4F29-9DC8-32FDCD7D771E@checkpoint.com> In-Reply-To: Accept-Language: nl-NL, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: nl-NL, en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginalArrivalTime: 04 Jan 2009 22:02:14.0620 (UTC) FILETIME=[1A02D1C0:01C96EB8] Sender: owner-ietf-smime@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: Hi Paul, > >>Just to repeat it one more time: #3 does not prevent the > published attack. > > > >It does if the random fluff is inserted by the CA. The > attack depends on their ability to predict the entire TBS part.
> > I may have misunderstood the paper, but I think that changes > after the subjectPublicKeyInfo do not affect the attack. Almost correct. A random looking "collision block" has to be inserted somewhere. We chose to insert it in the public key, as that seems the most convenient. Somebody else may find another place where it can be hidden (maybe in a "subject key identifier" field or something, I don't know what would be feasible). Everything after the "collision block" must be copied bitwise into the twin certificate, and must be 'harmless' there. If 'random fluff' is inserted by the CA after the "collision block", this 'random fluff' can be copied into the twin certificate as well, retaining the collision property, and this would indeed be irrelevant to our attack. > >Also, I've updated today and all the "bad" CAs with MD5 > signatures are still in the TAS. > > As was pointed out to me earlier: it does not matter if the > CA has its cert signed with MD5, only whether that CA *signs* > with MD5. RapidSSL, for example, is still signed with MD5 but > is now signing with SHA-1. Correct.
Grtz,
Benne de Weger

From: Paul Hoffman
To: Yoav Nir
Cc: ietf-pkix@imc.org, cfrg@irtf.org, saag@ietf.org, ietf-smime@imc.org
Date: Sun, 4 Jan 2009 12:40:10 -0800
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate

At 10:23 PM +0200 1/4/09, Yoav Nir wrote:
>On Jan 4, 2009, at 9:11 PM, Paul Hoffman wrote:
>
>>At 9:02 AM +0200 1/4/09, Yoav Nir wrote:
>>>Best we can do is to get the CAs to
>>>
>>>(1) not issue MD5 certs anymore and
>>>(2) randomize the serial number and/or
>>>(3) and a random fluff extension that people are talking about
>>
>>Just to repeat it one more time: #3 does not prevent the published attack.
>
>It does if the random fluff is inserted by the CA. The attack depends on their ability to predict the entire TBS part.

I may have misunderstood the paper, but I think that changes after the subjectPublicKeyInfo do not affect the attack.

>>>But still, I don't see Microsoft removing a root CA because one of their sub-CAs is issuing non-compliant certificates.
>>
>>It is hard to see Microsoft removing or adding CAs. If anyone knows of a public interface (mailing list, web site, whatever) for when this happens, by all means please let the world know.
>
>I managed to find a page with their policy on adding new root CAs. Nothing there about removing old root CAs.

I'm not talking about the policy: I'm talking about the actual trust anchors themselves.

>>>And if Microsoft don't, nobody else will. The Firefox/Opera/Safari/Chrome people don't want any sites that "only work with Explorer".
>>
>>At least with respect to Firefox, I think that statement is false.
>
>They've done quite a bit to render broken sites that were made for IE.

That is irrelevant for this thread. There are active discussions in the Firefox community about adding and removing trust anchors that are and are not already in the IE trust anchor pile.

>Also, I've updated today and all the "bad" CAs with MD5 signatures are still in the TAS.

As was pointed out to me earlier: it does not matter if the CA has its cert signed with MD5, only whether that CA *signs* with MD5. RapidSSL, for example, is still signed with MD5 but is now signing with SHA-1.
--Paul Hoffman, Director
--VPN Consortium

From: Yoav Nir
To: Paul Hoffman
Cc: ietf-pkix@imc.org, cfrg@irtf.org, saag@ietf.org, ietf-smime@imc.org
Date: Sun, 4 Jan 2009 22:23:58 +0200
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate

On Jan 4, 2009, at 9:11 PM, Paul Hoffman wrote:

> At 9:02 AM +0200 1/4/09, Yoav Nir wrote:
>> Best we can do is to get the CAs to
>>
>> (1) not issue MD5 certs anymore and
>> (2) randomize the serial number and/or
>> (3) and a random fluff extension that people are talking about
>
> Just to repeat it one more time: #3 does not prevent the published
> attack.

It does if the random fluff is inserted by the CA. The attack depends on their ability to predict the entire TBS part.

>> But still, I don't see Microsoft removing a root CA because one of
>> their sub-CAs is issuing non-compliant certificates.
>
> It is hard to see Microsoft removing or adding CAs. If anyone knows
> of a public interface (mailing list, web site, whatever) for when
> this happens, by all means please let the world know.

I managed to find a page with their policy on adding new root CAs. Nothing there about removing old root CAs.

>> And if Microsoft don't, nobody else will. The Firefox/Opera/Safari/
>> Chrome people don't want any sites that "only work with Explorer".
>
> At least with respect to Firefox, I think that statement is false.

They've done quite a bit to render broken sites that were made for IE. Also, I've updated today and all the "bad" CAs with MD5 signatures are still in the TAS.
From: Paul Hoffman
To: Yoav Nir
Cc: ietf-pkix@imc.org, cfrg@irtf.org, saag@ietf.org, ietf-smime@imc.org
Date: Sun, 4 Jan 2009 11:11:09 -0800
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate

At 9:02 AM +0200 1/4/09, Yoav Nir wrote:
>Best we can do is to get the CAs to
>
>(1) not issue MD5 certs anymore and
>(2) randomize the serial number and/or
>(3) and a random fluff extension that people are talking about

Just to repeat it one more time: #3 does not prevent the published attack.

>But still, I don't see Microsoft removing a root CA because one of their sub-CAs is issuing non-compliant certificates.

It is hard to see Microsoft removing or adding CAs. If anyone knows of a public interface (mailing list, web site, whatever) for when this happens, by all means please let the world know.

>And if Microsoft don't, nobody else will. The Firefox/Opera/Safari/Chrome people don't want any sites that "only work with Explorer".

At least with respect to Firefox, I think that statement is false.

--Paul Hoffman, Director
--VPN Consortium

From: Yoav Nir
To: Robert Moskowitz
Cc: Peter Hesse, ietf-pkix@imc.org, "'Mike'", cfrg@irtf.org, saag@ietf.org, ietf-smime@imc.org
Date: Sun, 4 Jan 2009 09:02:00 +0200
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate
Message-Id: <230CAA22-D118-4F29-9DC8-32FDCD7D771E@checkpoint.com>

On Jan 2, 2009, at 5:35 PM, Robert Moskowitz wrote:

>> Since MD5 is known bad and potentially dangerous at this point, I would suggest that the best client side action would be to fail to verify any signatures created using MD5. This will break some things, especially if existing business processes are relying on a certificate signed with MD5. However, it is a fail-safe and would prevent a rogue CA certificate created in this fashion from being considered trustworthy.
>>
>> And to Santosh's point (and others), my earlier email about removing/replacing trust anchors was not because the self-signed certificates are signed using MD5; I agree the trust anchor public keys are protected using other mechanisms. I am recommending that if CAs do nothing to prevent this kind of attack (non-random serial numbers, issue certificates signed with MD5, issue certificates in an automated, predictable fashion) that those CAs should be removed from trust lists because they are no longer acting in the interest of the relying party--they are an accomplice to the creation of these rogue certificates.
>
> Peter,
>
> This sounds great at an IETF mike, but out in the field how do you get all those millions of browsers to pull down a new trust list that will no longer include CA foobar?
>
> Can't happen now, and the way things are going, ain't going to happen before 2026 either.

There's this one company such that if they use Windows update to update their browsers, the others will follow. Technically, it's very easy to get rid of the bad CAs. However, that company is not going to modify their browsers, not now, probably not in the next few years.

> So what tool do we have to get compliance to best practices? The good old 5th estate, get out there and give bad press to foobar until they fix their behaviour or their business model collapses and they go out of business and can no longer issue potentially rogue certs.

I don't think you can get a message like that across. This story evokes more of the "Wow! Clever hackers with 200 playstations" sentiment, not the "criminal negligence" sentiment. You can't get the media angry with a company unless the negligence causes something spectacular, like an exploding Ford Pinto. Even Jesse Walker's "unsafe at any keylength" article didn't have quite the impact of the original. And people still use WEP.

> We can talk and posture all we want in the IETF. We are rather good at that, IMNSHO. But this is perfect proof of our impact as such on the business model of companies that use our technology; they will do what is expedient, not what is Best Practices.

Best we can do is to get the CAs to

(1) not issue MD5 certs anymore and
(2) randomize the serial number and/or
(3) and a random fluff extension that people are talking about

But still, I don't see Microsoft removing a root CA because one of their sub-CAs is issuing non-compliant certificates.

And if Microsoft don't, nobody else will. The Firefox/Opera/Safari/Chrome people don't want any sites that "only work with Explorer".
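The relying-party policy debated in this thread (refuse certificates signed with MD5, while treating a locally held trust anchor's own self-signature as irrelevant), as an added Python sketch that is not part of any message in the archive. The certificates are constructed placeholders with dummy keys and signatures and hypothetical names; the sketch checks algorithm policy only and assumes signature verification and full RFC 5280 name matching happen elsewhere.

```python
# Added illustration: flag MD5-signed certificates in a chain, exempting only
# locally held trust anchors. All certificates are constructed placeholders.
MD5_RSA = bytes.fromhex("2a864886f70d010104")   # 1.2.840.113549.1.1.4
SHA1_RSA = bytes.fromhex("2a864886f70d010105")  # 1.2.840.113549.1.1.5
RSA_ENC = bytes.fromhex("2a864886f70d010101")   # 1.2.840.113549.1.1.1
REJECTED = {MD5_RSA: "md5WithRSAEncryption"}

def tlv(tag, body):
    """Encode one DER element with a definite length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    nb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(nb)]) + nb + body

def read_tlv(buf, pos=0):
    """Decode the element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length >= 0x80:                      # long form: low 7 bits count length octets
        k = length & 0x7F
        if k == 0 or pos + k > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split a constructed value into (tag, value, raw_encoding) tuples."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, nxt = read_tlv(value, pos)
        out.append((tag, val, value[pos:nxt]))
        pos = nxt
    return out

def parse_cert(der):
    """Extract issuer, subject and both signature-algorithm OIDs."""
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    tbs, outer_alg, _signature = children(body)
    fields = children(tbs[1])
    if fields and fields[0][0] == 0xA0:     # optional [0] EXPLICIT version
        fields = fields[1:]
    _serial, inner_alg, issuer, _validity, subject = fields[:5]
    return {"issuer": issuer[2], "subject": subject[2],
            "outer_alg": children(outer_alg[1])[0][1],
            "inner_alg": children(inner_alg[1])[0][1]}

def check_chain(chain, anchors):
    """chain is leaf-first DER; anchors is the set of DER certs trusted locally.
    Returns (index, reason) findings; an empty list means the policy passes."""
    if not chain:
        return [(-1, "empty chain")]
    findings, certs = [], [parse_cert(der) for der in chain]
    for i, (der, cert) in enumerate(zip(chain, certs)):
        if cert["outer_alg"] != cert["inner_alg"]:
            findings.append((i, "signatureAlgorithm differs from TBS signature field"))
        if i + 1 < len(certs) and certs[i + 1]["subject"] != cert["issuer"]:
            findings.append((i, "issuer does not match next certificate's subject"))
        if der in anchors:
            continue  # trusted out of band; its self-signature is never relied on
        if i == len(chain) - 1:
            findings.append((i, "chain does not end in a trust anchor"))
        if cert["outer_alg"] in REJECTED:
            findings.append((i, "signed with " + REJECTED[cert["outer_alg"]]))
    return findings

def name(cn):
    """Name with a single commonName (2.5.4.3) RDN."""
    atv = tlv(0x30, tlv(0x06, bytes.fromhex("550403")) + tlv(0x0C, cn.encode()))
    return tlv(0x30, tlv(0x31, atv))

def make_cert(subject, issuer, sig_oid, serial):
    """Build a placeholder certificate (dummy key and signature bytes)."""
    alg = tlv(0x30, tlv(0x06, sig_oid) + tlv(0x05, b""))
    validity = tlv(0x30, tlv(0x17, b"090101000000Z") + tlv(0x17, b"100101000000Z"))
    spki = tlv(0x30, tlv(0x30, tlv(0x06, RSA_ENC) + tlv(0x05, b""))
               + tlv(0x03, b"\x00" + bytes(16)))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, bytes([serial]))
              + alg + name(issuer) + validity + name(subject) + spki)
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00" + bytes(16)))

R, S = "Example Root (constructed)", "Example Sub CA (constructed)"
ROOT = make_cert(R, R, MD5_RSA, 1)                      # MD5 self-signature
LEAF_A = make_cert("www.example.test", R, SHA1_RSA, 2)  # root now issues with SHA-1
SUB_CA = make_cert(S, R, MD5_RSA, 3)                    # CA certificate issued with MD5
LEAF_B = make_cert("www.example.test", S, SHA1_RSA, 4)
ANCHORS = {ROOT}
CHAIN_OK = [LEAF_A, ROOT]           # only the anchor carries MD5: nothing to flag
CHAIN_BAD = [LEAF_B, SUB_CA, ROOT]  # MD5 on an issued certificate: flagged

if __name__ == "__main__":
    for label, chain in (("CHAIN_OK", CHAIN_OK), ("CHAIN_BAD", CHAIN_BAD)):
        print(label, check_chain(chain, ANCHORS))
```

The exemption is keyed on the certificate being in the local anchor set, not on issuer equalling subject, so a self-signed MD5 certificate that is not a configured anchor is still flagged.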
From: Robert Moskowitz
To: Peter Hesse
cc: "'Mike'", ietf-pkix@imc.org, cfrg@irtf.org, saag@ietf.org, ietf-smime@imc.org
Date: Fri, 2 Jan 2009 10:35:34 -0500
Subject: Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate
Message-ID: <495E3446.4070606@htt-consult.com>

Peter Hesse wrote:
>> Is there anything that could be added to RP software to reliably
>> detect and thwart the use of a rogue CA certificate? Or would
>> any attempt to do that just cause too many problems?
>>
>
> Since MD5 is known bad and potentially dangerous at this point, I would
> suggest that the best client side action would be to fail to verify any
> signatures created using MD5. This will break some things, especially if
> existing business processes are relying on a certificate signed with MD5.
> However, it is a fail-safe and would prevent a rogue CA certificate created
> in this fashion from being considered trustworthy.
>
> And to Santosh's point (and others), my earlier email about
> removing/replacing trust anchors was not because the self-signed
> certificates are signed using MD5; I agree the trust anchor public keys are
> protected using other mechanisms. I am recommending that if CAs do nothing
> to prevent this kind of attack (non-random serial numbers, issue
> certificates signed with MD5, issue certificates in an automated,
> predictable fashion) that those CAs should be removed from trust lists
> because they are no longer acting in the interest of the relying party--they
> are an accomplice to the creation of these rogue certificates.

Peter,

This sounds great at an IETF mike, but out in the field how do you get all those millions of browsers to pull down a new trust list that will no longer include CA foobar?

Can't happen now, and the way things are going, ain't going to happen before 2026 either.

So what tool do we have to get compliance to best practices? The good old 5th estate, get out there and give bad press to foobar until they fix their behaviour or their business model collapses and they go out of business and can no longer issue potentially rogue certs.

We can talk and posture all we want in the IETF. We are rather good at that, IMNSHO. But this is perfect proof of our impact as such on the business model of companies that use our technology; they will do what is expedient, not what is Best Practices.

From: "Peter Hesse"
To: "'Mike'"
Date: Fri, 2 Jan 2009 09:41:15 -0500
Subject: RE: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate
Message-ID: <0c6f01c96ce8$2c13d700$843b8500$@com>

> Is there anything that could be added to RP software to reliably
> detect and thwart the use of a rogue CA certificate? Or would
> any attempt to do that just cause too many problems?

Since MD5 is known bad and potentially dangerous at this point, I would suggest that the best client side action would be to fail to verify any signatures created using MD5. This will break some things, especially if existing business processes are relying on a certificate signed with MD5. However, it is a fail-safe and would prevent a rogue CA certificate created in this fashion from being considered trustworthy.

And to Santosh's point (and others), my earlier email about removing/replacing trust anchors was not because the self-signed certificates are signed using MD5; I agree the trust anchor public keys are protected using other mechanisms. I am recommending that if CAs do nothing to prevent this kind of attack (non-random serial numbers, issue certificates signed with MD5, issue certificates in an automated, predictable fashion) that those CAs should be removed from trust lists because they are no longer acting in the interest of the relying party--they are an accomplice to the creation of these rogue certificates.
--Peter
----------------------------------------------------------------
Peter Hesse pmhesse@geminisecurity.com
http://securitymusings.com http://geminisecurity.com

From: "Santosh Chokhani"
To: "Ben Laurie"
Cc: "Paul Hoffman"
Date: Thu, 1 Jan 2009 14:48:40 -0500
Subject: RE: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate

I do not think canonical means only one way to represent. Extensions have always been a SEQUENCE with their OID denoting what extension is next and their syntax.

Actually, we find SET in the case of RDN problematic.

-----Original Message-----
From: Ben Laurie [mailto:ben@links.org]
Sent: Thursday, January 01, 2009 2:40 PM
To: Santosh Chokhani
Cc: Paul Hoffman; cfrg@irtf.org; ietf-smime@imc.org; saag@ietf.org; ietf-pkix@imc.org; mike-list@pobox.com
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate

Santosh Chokhani wrote:
> We must fix X.509 since it is not broken.

I am not suggesting that we should fix X.509, I am pointing out, in my own roundabout way, that X.509 certs are supposed to have a canonical form. But it seems they do not. Makes me wonder why we go to all the effort of using a supposedly canonical encoding that isn't? If we can only rely on the original bits in the cert when checking the signature, why bother?

--
http://www.apache-ssl.org/ben.html http://www.links.org/

"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit."
- Robert Woodruff

From: Ben Laurie
To: Santosh Chokhani
CC: Paul Hoffman, cfrg@irtf.org, ietf-smime@imc.org, saag@ietf.org, ietf-pkix@imc.org, mike-list@pobox.com
Date: Thu, 01 Jan 2009 19:39:54 +0000
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate
Message-ID: <495D1C0A.2080105@links.org>

Santosh Chokhani wrote:
> We must fix X.509 since it is not broken.

I am not suggesting that we should fix X.509, I am pointing out, in my own roundabout way, that X.509 certs are supposed to have a canonical form. But it seems they do not. Makes me wonder why we go to all the effort of using a supposedly canonical encoding that isn't? If we can only rely on the original bits in the cert when checking the signature, why bother?

--
http://www.apache-ssl.org/ben.html http://www.links.org/

"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff

From: "Santosh Chokhani"
To: "Ben Laurie", "Paul Hoffman"
Date: Thu, 1 Jan 2009 14:29:46 -0500
Subject: RE: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate

We must fix X.509 since it is not broken. We must preserve MD5 since it is weak. We must provide economic and political support to client side vendors who refuse to implement SHA-256. We must treat them with kid gloves and work around them. The world economy is in the tank. People want to shoot each other. I see a patent here that is not very random.

-----Original Message-----
From: saag-bounces@ietf.org [mailto:saag-bounces@ietf.org] On Behalf Of Ben Laurie
Sent: Thursday, January 01, 2009 12:45 PM
To: Paul Hoffman
Cc: cfrg@irtf.org; ietf-smime@imc.org; saag@ietf.org; ietf-pkix@imc.org; mike-list@pobox.com
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate

Paul Hoffman wrote:
> At 3:06 PM +0000 1/1/09, Ben Laurie wrote:
>> Surely the whole point of DER is that there's only one correct way to
>> encode any particular certificate?
>
> Not so "surely". The SEQUENCE for extensions does not say what order they should be in.

That doesn't change the _point_ of DER. If extensions should have been specified as a SET but are defined as a SEQUENCE, then they are broken (technically).

>> So, either extensions must be sorted, or changing their order changes
>> their meaning. Either way, nothing can be reordered.
>
> Wrong on both counts. Each extension has stand-alone semantics, and they can be in any order.

My point was about the correct use of DER. It seems extensions use it incorrectly.
> However, this is irrelevant for the MD5 break discussion, as is clearly shown in the paper. I am discussing the correct use of DER :-) --=20 http://www.apache-ssl.org/ben.html http://www.links.org/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff _______________________________________________ saag mailing list saag@ietf.org https://www.ietf.org/mailman/listinfo/saag Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n01Higb7086887 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 1 Jan 2009 10:44:42 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n01Hig7k086882; Thu, 1 Jan 2009 10:44:42 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f Received: from mail.links.org (mail.links.org [217.155.92.109]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n01HiTqF086851 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 1 Jan 2009 10:44:41 -0700 (MST) (envelope-from ben@links.org) Received: from [193.133.15.218] (localhost [127.0.0.1]) by mail.links.org (Postfix) with ESMTP id 5BA8133C1E; Thu, 1 Jan 2009 17:46:01 +0000 (GMT) Message-ID: <495D0100.6000200@links.org> Date: Thu, 01 Jan 2009 17:44:32 +0000 From: Ben Laurie User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070326 Thunderbird/2.0.0.0 Mnenhy/0.7.4.0 MIME-Version: 1.0 To: Paul Hoffman CC: Ben Laurie , Peter Gutmann , ietf-pkix@imc.org, mike-list@pobox.com, cfrg@irtf.org, saag@ietf.org, ietf-smime@imc.org Subject: Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate References: <495BA5E9.8040305@pobox.com> <1b587cab0901010706j6e8cd2f8pf23345660a4825a5@mail.gmail.com> 
In-Reply-To:
X-Enigmail-Version: 0.95.7
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive:
List-ID:
List-Unsubscribe:

Paul Hoffman wrote:
> At 3:06 PM +0000 1/1/09, Ben Laurie wrote:
>> Surely the whole point of DER is that there's only one correct way to
>> encode any particular certificate?
>
> Not so "surely". The SEQUENCE for extensions does not say what order they should be in.

That doesn't change the _point_ of DER. If extensions should have been specified as a SET but are defined as a SEQUENCE, then they are broken (technically).

>> So, either extensions must be sorted, or changing their order changes
>> their meaning. Either way, nothing can be reordered.
>
> Wrong on both counts. Each extension has stand-alone semantics, and they can be in any order.

My point was about the correct use of DER. It seems extensions use it incorrectly.

> However, this is irrelevant for the MD5 break discussion, as is clearly shown in the paper.

I am discussing the correct use of DER :-)

--
http://www.apache-ssl.org/ben.html http://www.links.org/

"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit."
- Robert Woodruff

Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n01HKGos085008 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 1 Jan 2009 10:20:16 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n01HKG1B085006; Thu, 1 Jan 2009 10:20:16 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f
Received: from [10.20.30.158] (dsl-63-249-108-169.cruzio.com [63.249.108.169]) (authenticated bits=0) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n01HK1Rw084974 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 1 Jan 2009 10:20:02 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
Mime-Version: 1.0
Message-Id:
In-Reply-To: <1b587cab0901010706j6e8cd2f8pf23345660a4825a5@mail.gmail.com>
References: <495BA5E9.8040305@pobox.com> <1b587cab0901010706j6e8cd2f8pf23345660a4825a5@mail.gmail.com>
Date: Thu, 1 Jan 2009 09:20:00 -0800
To: Ben Laurie , Peter Gutmann
From: Paul Hoffman
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate
Cc: ietf-pkix@imc.org, mike-list@pobox.com, cfrg@irtf.org, saag@ietf.org, ietf-smime@imc.org
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive:
List-ID:
List-Unsubscribe:

At 3:06 PM +0000 1/1/09, Ben Laurie wrote:
>Surely the whole point of DER is that there's only one correct way to
>encode any particular certificate?

Not so "surely". The SEQUENCE for extensions does not say what order they should be in.

>So, either extensions must be sorted, or changing their order changes
>their meaning. Either way, nothing can be reordered.

Wrong on both counts. Each extension has stand-alone semantics, and they can be in any order.

However, this is irrelevant for the MD5 break discussion, as is clearly shown in the paper.

--Paul Hoffman, Director
--VPN Consortium

Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n01GowVU082693 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 1 Jan 2009 09:50:58 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n01GovJl082691; Thu, 1 Jan 2009 09:50:57 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f
Received: from romeo.rtfm.com (romeo.rtfm.com [74.95.2.173]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n01GolS6082663 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 1 Jan 2009 09:50:57 -0700 (MST) (envelope-from ekr@networkresonance.com)
Received: from romeo.rtfm.com (localhost.rtfm.com [127.0.0.1]) by romeo.rtfm.com (Postfix) with ESMTP id 5783750822; Thu, 1 Jan 2009 09:07:06 -0800 (PST)
Date: Thu, 01 Jan 2009 09:07:05 -0800
From: Eric Rescorla
To: Mike
Cc: ietf-pkix@imc.org, cfrg@irtf.org, saag@ietf.org, ietf-smime@imc.org
Subject: Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate
In-Reply-To: <495CE68A.5040709@pobox.com>
References: <495BA5E9.8040305@pobox.com> <1b587cab0901010706j6e8cd2f8pf23345660a4825a5@mail.gmail.com> <495CE68A.5040709@pobox.com>
User-Agent: Wanderlust/2.14.0 (Africa) Emacs/21.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset=US-ASCII
Message-Id: <20090101170706.5783750822@romeo.rtfm.com>
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive:
List-ID:
List-Unsubscribe:

At Thu, 01 Jan 2009 07:51:38 -0800, Mike wrote:
>
>
> Is there anything that could be added to RP software to reliably
> detect and thwart the use of a rogue CA certificate? Or would
> any attempt to do that just cause too many problems?
>
> Mike (who is writing "I am not a security expert" 100 times on
> the chalkboard)

You could certainly add a check for this particular certificate and any others you discovered. To the extent to which CAs no longer use MD5, this would likely quickly clean up the damage. It's less clear that you could safely detect this kind of cert in a generic way.

-Ekr

Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n01FqYVU077523 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 1 Jan 2009 08:52:44 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n01FqYju077522; Thu, 1 Jan 2009 08:52:34 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f
Received: from sasl.smtp.pobox.com (a-sasl-quonix.sasl.smtp.pobox.com [208.72.237.25]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n01FqMXt077493; Thu, 1 Jan 2009 08:52:33 -0700 (MST) (envelope-from mike-list@pobox.com)
Received: from localhost.localdomain (unknown [127.0.0.1]) by b-sasl-quonix.sasl.smtp.pobox.com (Postfix) with ESMTP id 485131B89A; Thu, 1 Jan 2009 10:52:22 -0500 (EST)
Received: from [192.168.1.8] (unknown [24.234.114.35]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by b-sasl-quonix.sasl.smtp.pobox.com (Postfix) with ESMTPSA id 43CE11B898; Thu, 1 Jan 2009 10:52:16 -0500 (EST)
Message-ID: <495CE68A.5040709@pobox.com>
Date: Thu, 01 Jan 2009 07:51:38 -0800
From: Mike
User-Agent: Thunderbird 2.0.0.18 (Windows/20081105)
MIME-Version: 1.0
To: ietf-pkix@imc.org
CC: cfrg@irtf.org, saag@ietf.org, ietf-smime@imc.org
Subject: Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate
References: <495BA5E9.8040305@pobox.com> <1b587cab0901010706j6e8cd2f8pf23345660a4825a5@mail.gmail.com>
In-Reply-To:
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Pobox-Relay-ID: 2D5E92AE-D81C-11DD-B34D-F83E113D384A-38729857!a-sasl-quonix.pobox.com
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive:
List-ID:
List-Unsubscribe:

Is there anything that could be added to RP software to reliably detect and thwart the use of a rogue CA certificate? Or would any attempt to do that just cause too many problems?

Mike (who is writing "I am not a security expert" 100 times on the chalkboard)

Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n01FF3II074324 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 1 Jan 2009 08:15:03 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n01FF3Pj074322; Thu, 1 Jan 2009 08:15:03 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f
Received: from scygmxsecs1.cygnacom.com (scygmxsecs1.cygnacom.com [65.242.48.253]) by balder-227.proper.com (8.14.2/8.14.2) with SMTP id n01FEp6C074280 for ; Thu, 1 Jan 2009 08:15:01 -0700 (MST) (envelope-from SChokhani@cygnacom.com)
Received: (qmail 11256 invoked from network); 1 Jan 2009 15:15:13 -0000
Received: from SChokhani@cygnacom.com by scygmxsecs1.cygnacom.com with EntrustECS-Server-7.4;01 Jan 2009 15:15:13 -0000
Received: from unknown (HELO scygexch1.cygnacom.com) (10.60.50.8) by scygmxsecs1.cygnacom.com with SMTP; 1 Jan 2009 15:15:13 -0000
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft Exchange V6.5
Subject: RE: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate
Date: Thu, 1 Jan 2009 10:14:49 -0500
Message-ID:
In-Reply-To: <1b587cab0901010706j6e8cd2f8pf23345660a4825a5@mail.gmail.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate
Thread-Index: AclsIoYaC7zrH+YEQlGlPwinB2nccwAAQV+A
References: <495BA5E9.8040305@pobox.com> <1b587cab0901010706j6e8cd2f8pf23345660a4825a5@mail.gmail.com>
From: "Santosh Chokhani"
To: "Ben Laurie" , "Peter Gutmann"
Cc: , , , ,
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive:
List-ID:
List-Unsubscribe:

Changing the order of extensions does not change their meaning. Actually, a CA could put the extensions in random order for various certificates. The attack will still work if the certificate size does not change.

-----Original Message-----
From: cfrg-bounces@irtf.org [mailto:cfrg-bounces@irtf.org] On Behalf Of Ben Laurie
Sent: Thursday, January 01, 2009 10:06 AM
To: Peter Gutmann
Cc: ietf-pkix@imc.org; mike-list@pobox.com; cfrg@irtf.org; saag@ietf.org; ietf-smime@imc.org
Subject: Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate

On Thu, Jan 1, 2009 at 11:17 AM, Peter Gutmann wrote:
>
> Mike writes:
> >There is a simple fix -- a CA can just reorder the extensions prior to
> >issuing a certificate.
>
> That's actually a nice fix, but unfortunately not universally applicable: for
> some types of signed data (e.g. S/MIME attributes) the DER rules require
> sorting the encoded extensions, so there's only one valid order for them (and
> some applications actually check for this, so you have to do it or sig checks
> will start failing).

Surely the whole point of DER is that there's only one correct way to encode any particular certificate?

So, either extensions must be sorted, or changing their order changes their meaning. Either way, nothing can be reordered.
_______________________________________________
Cfrg mailing list
Cfrg@irtf.org
https://www.irtf.org/mailman/listinfo/cfrg

Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n01Be5WX053633 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 1 Jan 2009 04:40:05 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n01Be5LA053632; Thu, 1 Jan 2009 04:40:05 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f
Received: from scygmxsecs1.cygnacom.com (scygmxsecs1.cygnacom.com [65.242.48.253]) by balder-227.proper.com (8.14.2/8.14.2) with SMTP id n01BdrH6053588 for ; Thu, 1 Jan 2009 04:40:03 -0700 (MST) (envelope-from SChokhani@cygnacom.com)
Received: (qmail 10279 invoked from network); 1 Jan 2009 11:40:15 -0000
Received: from SChokhani@cygnacom.com by scygmxsecs1.cygnacom.com with EntrustECS-Server-7.4;01 Jan 2009 11:40:15 -0000
Received: from unknown (HELO scygexch1.cygnacom.com) (10.60.50.8) by scygmxsecs1.cygnacom.com with SMTP; 1 Jan 2009 11:40:15 -0000
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft Exchange V6.5
Subject: RE: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate
Date: Thu, 1 Jan 2009 06:39:50 -0500
Message-ID:
In-Reply-To:
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate
Thread-Index: AclsApjZvyr7mv5ST36mpmxAU3jJIwAAnlMA
References: <495BA5E9.8040305@pobox.com>
From: "Santosh Chokhani"
To: "Peter Gutmann" , ,
Cc: , ,
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive:
List-ID:
List-Unsubscribe:

Also, for the actual attack, the ordering of extensions will not work as long as the certificate size does not change.

If you look at the actual attack, collision block in the real certificate is up to the SPKI. The extension values from the real certificate are simply copied in the tumor of the rogue certificate.

Given the property that if H(M) = H (M') then H(M | X) = H (M' | X), the attacker simply copies the extensions from actual certificate in the tumor.

-----Original Message-----
From: saag-bounces@ietf.org [mailto:saag-bounces@ietf.org] On Behalf Of Peter Gutmann
Sent: Thursday, January 01, 2009 6:18 AM
To: ietf-pkix@imc.org; mike-list@pobox.com
Cc: ietf-smime@imc.org; cfrg@irtf.org; saag@ietf.org
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate

Mike writes:

>> We are simply not vigilant enough. This issue has been on our plate
>> since 2004.
>>
>> SHA-1 is next and neither the client side vendors nor the big
>> Enterprises have pushed to move to SHA-256.
>
>There is a simple fix -- a CA can just reorder the extensions prior to
>issuing a certificate.

That's actually a nice fix, but unfortunately not universally applicable: for some types of signed data (e.g. S/MIME attributes) the DER rules require sorting the encoded extensions, so there's only one valid order for them (and some applications actually check for this, so you have to do it or sig checks will start failing).

Peter.
_______________________________________________
saag mailing list
saag@ietf.org
https://www.ietf.org/mailman/listinfo/saag

Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n01BIANN052421 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 1 Jan 2009 04:18:10 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n01BIAuj052418; Thu, 1 Jan 2009 04:18:10 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f
Received: from mailhost.auckland.ac.nz (moe.its.auckland.ac.nz [130.216.12.35]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n01BHqnm052370; Thu, 1 Jan 2009 04:18:09 -0700 (MST) (envelope-from pgut001@cs.auckland.ac.nz)
Received: from localhost (localhost.localdomain [127.0.0.1]) by mailhost.auckland.ac.nz (Postfix) with ESMTP id B9719481C06; Fri, 2 Jan 2009 00:17:51 +1300 (NZDT)
X-Virus-Scanned: by amavisd-new at mailhost.auckland.ac.nz
Received: from mailhost.auckland.ac.nz ([127.0.0.1]) by localhost (moe.its.auckland.ac.nz [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PPAZbKuv7Db5; Fri, 2 Jan 2009 00:17:51 +1300 (NZDT)
Received: from iris.cs.auckland.ac.nz (iris.cs.auckland.ac.nz [130.216.33.152]) by mailhost.auckland.ac.nz (Postfix) with ESMTP id 048B4481BFB; Fri, 2 Jan 2009 00:17:51 +1300 (NZDT)
Received: from wintermute01.cs.auckland.ac.nz (wintermute01.cs.auckland.ac.nz [130.216.34.38]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by iris.cs.auckland.ac.nz (Postfix) with ESMTP id 2436B1BE4002; Fri, 2 Jan 2009 00:17:50 +1300 (NZDT)
Received: from pgut001 by wintermute01.cs.auckland.ac.nz with local (Exim 4.63) (envelope-from ) id 1LILYj-00066V-WE; Fri, 02 Jan 2009 00:17:50 +1300
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: ietf-pkix@imc.org, mike-list@pobox.com
Subject: Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate
Cc: cfrg@irtf.org, ietf-smime@imc.org, saag@ietf.org
In-Reply-To: <495BA5E9.8040305@pobox.com>
Message-Id:
Date: Fri, 02 Jan 2009 00:17:49 +1300
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive:
List-ID:
List-Unsubscribe:

Mike writes:

>> We are simply not vigilant enough. This issue has been on our plate
>> since 2004.
>>
>> SHA-1 is next and neither the client side vendors nor the big
>> Enterprises have pushed to move to SHA-256.
>
>There is a simple fix -- a CA can just reorder the extensions prior to
>issuing a certificate.

That's actually a nice fix, but unfortunately not universally applicable: for some types of signed data (e.g. S/MIME attributes) the DER rules require sorting the encoded extensions, so there's only one valid order for them (and some applications actually check for this, so you have to do it or sig checks will start failing).

Peter.
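
The SEQUENCE versus SET OF point debated in the messages above, as an added example (not code from any list member or project): a minimal DER encoder showing that reordering a SEQUENCE OF extensions changes the encoded bytes without changing their length, while DER's SET OF sorting gives one encoding whatever order the attributes arrive in. The helper names and the sample extension and attribute values are constructed for illustration.

```python
def der_len(n):
    """DER definite length: short form below 128, otherwise minimal long form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, content):
    """Tag-length-value encoding of one DER element."""
    return bytes([tag]) + der_len(len(content)) + content


def oid(dotted):
    """OBJECT IDENTIFIER: first two arcs merged, remaining arcs in base 128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray()
    for arc in [40 * arcs[0] + arcs[1]] + arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))


def sequence_of(items):
    """SEQUENCE OF keeps the order it is given; order is part of the encoding."""
    return tlv(0x30, b"".join(items))


def set_of(items):
    """SET OF under DER: encoded elements sorted as octet strings (X.690 11.6),
    the shorter one padded with trailing zero octets for the comparison."""
    width = max(len(i) for i in items)
    ordered = sorted(items, key=lambda e: e.ljust(width, b"\x00"))
    return tlv(0x31, b"".join(ordered))


def extension(ext_oid, value_der, critical=False):
    """X.509 Extension ::= SEQUENCE { extnID, critical DEFAULT FALSE, extnValue }."""
    crit = tlv(0x01, b"\xff") if critical else b""  # DER omits a DEFAULT value
    return tlv(0x30, oid(ext_oid) + crit + tlv(0x04, value_der))


def attribute(attr_oid, value_der):
    """CMS Attribute ::= SEQUENCE { attrType, attrValues SET OF AttributeValue }."""
    return tlv(0x30, oid(attr_oid) + set_of([value_der]))


# Constructed sample values (not taken from any real certificate or message).
EXTENSIONS = [
    extension("2.5.29.19", bytes.fromhex("30030101ff"), critical=True),  # basicConstraints
    extension("2.5.29.15", bytes.fromhex("03020106"), critical=True),    # keyUsage
]
ATTRIBUTES = [
    attribute("1.2.840.113549.1.9.4", tlv(0x04, bytes(16))),             # messageDigest
    attribute("1.2.840.113549.1.9.3", oid("1.2.840.113549.1.7.1")),      # contentType
]


def compare_orderings():
    """Encode both lists forwards and reversed and report what changes."""
    seq_fwd, seq_rev = sequence_of(EXTENSIONS), sequence_of(EXTENSIONS[::-1])
    set_fwd, set_rev = set_of(ATTRIBUTES), set_of(ATTRIBUTES[::-1])
    return {
        "sequence_bytes_differ": seq_fwd != seq_rev,
        "sequence_same_length": len(seq_fwd) == len(seq_rev),
        "set_bytes_identical": set_fwd == set_rev,
    }


if __name__ == "__main__":
    for name, value in compare_orderings().items():
        print(f"{name}: {value}")
```
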

Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n01BBcIS051836 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 1 Jan 2009 04:11:38 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n01BBb2R051834; Thu, 1 Jan 2009 04:11:37 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f
Received: from mailhost.auckland.ac.nz (curly.its.auckland.ac.nz [130.216.12.33]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n01BBP2m051800; Thu, 1 Jan 2009 04:11:36 -0700 (MST) (envelope-from pgut001@cs.auckland.ac.nz)
Received: from localhost (localhost.localdomain [127.0.0.1]) by mailhost.auckland.ac.nz (Postfix) with ESMTP id 576539D817; Fri, 2 Jan 2009 00:11:23 +1300 (NZDT)
X-Virus-Scanned: by amavisd-new at mailhost.auckland.ac.nz
Received: from mailhost.auckland.ac.nz ([127.0.0.1]) by localhost (curly.its.auckland.ac.nz [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id StmylvlTOtW7; Fri, 2 Jan 2009 00:11:23 +1300 (NZDT)
Received: from iris.cs.auckland.ac.nz (iris.cs.auckland.ac.nz [130.216.33.152]) by mailhost.auckland.ac.nz (Postfix) with ESMTP id DE48F9D81F; Fri, 2 Jan 2009 00:11:07 +1300 (NZDT)
Received: from wintermute01.cs.auckland.ac.nz (wintermute01.cs.auckland.ac.nz [130.216.34.38]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by iris.cs.auckland.ac.nz (Postfix) with ESMTP id 7EC871BE4002; Fri, 2 Jan 2009 00:11:01 +1300 (NZDT)
Received: from pgut001 by wintermute01.cs.auckland.ac.nz with local (Exim 4.63) (envelope-from ) id 1LILS9-0005ff-DN; Fri, 02 Jan 2009 00:11:01 +1300
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: SChokhani@cygnacom.com, tmiller@mitre.org
Subject: RE: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate
Cc: cfrg@irtf.org, ietf-pkix@imc.org, ietf-smime@imc.org, saag@ietf.org
In-Reply-To:
Message-Id:
Date: Fri, 02 Jan 2009 00:11:01 +1300
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive:
List-ID:
List-Unsubscribe:

"Santosh Chokhani" writes:

>We are simply not vigilant enough. This issue has been on our plate since
>2004.

It's not just this, the fact that there were CA certs out there with the CA flag (in basicConstraints) not set was known for at least five years before widespread bad publicity forced CAs to address it, the RSA exponent=1 debacle was known for at least that long but no-one cared until there was lots of bad publicity about it... there's a really serious problem with CAs and vendors simply not caring about PKI security until bad publicity forces a change, the current MD5 issue (and the mozilla.com cert debacle and the Gromozon malware-signing cert issue and ...) are just the latest examples.

It's like the Microsoft of ten years ago, security holes just get ignored until bad publicity forces a fix (and even then it's often more of a sidestep to avoid further criticism than an actual fix).

It's small wonder that there's such widespread cynicism about PKI when even the organisations pushing it don't seem to care whether it's done properly or not.

Peter.
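
The property Santosh Chokhani quotes earlier in this thread, if H(M) = H(M') then H(M | X) = H(M' | X), holds for an iterated (Merkle-Damgard) hash once two equal-length, block-aligned prefixes reach the same chaining value. This added example (not from any list member) shows it on a toy 16-bit hash: `compress`, `toy_hash` and the block sizes are constructed for illustration, and the suffix bytes are constructed DER for two extensions placed in either order.

```python
import hashlib
import struct

BLOCK = 8   # toy block size in bytes
STATE = 2   # toy 16-bit chaining value, so a collision is cheap to find

# Constructed DER bytes of two extensions (basicConstraints, keyUsage).
EXT_A = bytes.fromhex("300f0603551d130101ff040530030101ff")
EXT_B = bytes.fromhex("300e0603551d0f0101ff040403020106")


def compress(state, block):
    """Toy compression function: SHA-256(state || block) cut to 16 bits."""
    return hashlib.sha256(state + block).digest()[:STATE]


def toy_hash(msg):
    """Merkle-Damgard iteration with length padding, the construction MD5 uses."""
    padded = msg + b"\x80"
    padded += b"\x00" * (-(len(padded) + 4) % BLOCK)
    padded += struct.pack(">I", len(msg))
    state = b"\x00" * STATE
    for i in range(0, len(padded), BLOCK):
        state = compress(state, padded[i:i + BLOCK])
    return state


def find_colliding_blocks():
    """Return two different one-block messages M, M' with the same chaining value."""
    seen = {}
    iv = b"\x00" * STATE
    for counter in range((1 << (8 * STATE)) + 1):   # pigeonhole bound
        block = struct.pack(">Q", counter)
        out = compress(iv, block)
        if out in seen:
            return seen[out], block
        seen[out] = block
    raise AssertionError("unreachable: more inputs than chaining values")


def collision_survives(m1, m2, suffix):
    """True when H(M | X) == H(M' | X) for the common suffix X."""
    return toy_hash(m1 + suffix) == toy_hash(m2 + suffix)


def check_suffixes():
    """Append the same suffix to both colliding prefixes, in either extension order."""
    m1, m2 = find_colliding_blocks()
    suffixes = {
        "no suffix": b"",
        "A then B": EXT_A + EXT_B,
        "B then A": EXT_B + EXT_A,
    }
    return {name: collision_survives(m1, m2, x) for name, x in suffixes.items()}


if __name__ == "__main__":
    for name, same in check_suffixes().items():
        print(f"{name}: digests equal = {same}")
```
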