From owner-ietf-smime@imc.org  Tue Jan  4 09:15:12 2000
Received: from ns.secondary.com (ns.secondary.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA28585
	for <smime-archive@odin.ietf.org>; Tue, 4 Jan 2000 09:15:11 -0500 (EST)
Received: (from majordomo@localhost)
	by ns.secondary.com (8.9.3/8.9.3) id FAA07221
	for ietf-smime-bks; Tue, 4 Jan 2000 05:37:24 -0800 (PST)
Received: from sentry (firewall-user@sentry.gw.tislabs.com [192.94.214.100])
	by ns.secondary.com (8.9.3/8.9.3) with ESMTP id FAA07217
	for <ietf-smime@imc.org>; Tue, 4 Jan 2000 05:37:22 -0800 (PST)
Received: by sentry; id IAA03632; Tue, 4 Jan 2000 08:38:27 -0500 (EST)
Received: from clipper.gw.tislabs.com(10.33.1.2) by sentry.gw.tislabs.com via smap (V5.5)
	id xma003624; Tue, 4 Jan 00 08:38:18 -0500
Received: (from balenson@localhost)
	by clipper.gw.tislabs.com (8.9.3/8.9.1) id IAA12377
	for ietf-smime@imc.org; Tue, 4 Jan 2000 08:36:57 -0500 (EST)
Date: Tue, 4 Jan 2000 08:36:57 -0500 (EST)
From: "David M. Balenson" <balenson@tislabs.com>
Message-Id: <200001041336.IAA12377@clipper.gw.tislabs.com>
To: ietf-smime@imc.org
Subject: Jan. 6th early registration deadline for NDSS 2000
Sender: owner-ietf-smime@imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>


S A V E   $ 7 0   O F F   R E G I S T R A T I O N   F E E ! !
R E G I S T E R   B Y   J A N U A R Y   6 ,   2 0 0 0 

THE INTERNET SOCIETY'S
Year 2000 NETWORK AND DISTRIBUTED SYSTEM SECURITY (NDSS) SYMPOSIUM
February 2-4, 2000
Catamaran Resort Hotel, San Diego, California
General Chair:   Steve Welke, Trusted Computer Solutions
Program Chairs:  Gene Tsudik, USC/Information Sciences Institute
		 Avi Rubin, AT&T Labs - Research

ONLINE INFORMATION AND REGISTRATION:  http://www.isoc.org/ndss2000
EARLY REGISTRATION DISCOUNT DEADLINE:  January 6, 2000

The 7th annual NDSS Symposium brings together researchers,
implementers, and users of network and distributed system security
technologies to discuss today's important security issues and
challenges.  The Symposium provides a mix of technical papers and
panel presentations that describe promising new approaches to
security problems that are practical and, to the extent possible,
have been implemented.  NDSS fosters the exchange of technical
information and encourages the Internet community to deploy available
security technologies and develop new solutions to unsolved problems.

KEYNOTE SPEAKER: Gene Spafford, Professor of Computer Sciences at
Purdue University, an expert in information security, computer crime
investigation and information ethics.  Spaf (as he is known to his
friends, colleagues, and students) is director of the Purdue CERIAS
(Center for Education and Research in Information Assurance and
Security), and was the founder and director of the (now superseded)
COAST Laboratory. 

THIS YEAR'S TOPICS INCLUDE:
- Automated Detection of Buffer Overrun Vulnerabilities
- User-Level Infrastructure for System Call Interposition
- Optimized Group Rekey for Group Communication Systems
- IPSec-based Host Architecture for Secure  Internet Multicast
- The Economics of Security
- Automatic Generation of Security Protocols
- Security Protocols for SPKI-based Delegation Systems
- Secure Border Gateway Protocol (S-BGP)
- Analysis of a Fair Exchange Protocol
- Secure Password-Based Protocols for TLS
- Chameleon Signatures
- Lightweight Tool for Detecting Web Server Attacks
- Adaptive and Agile Applications Using Intrusion Detection
- Secure Virtual Enclaves
- Encrypted rlogin Connections Created With Kerberos IV
- Accountability and Control of Process Creation in Metasystems
- Red Teaming and Network Security

PRE-CONFERENCE TECHNICAL TUTORIALS:
- Network Security Protocol Standards, Dr. Stephen T. Kent
- Deployed and Emerging Security Systems for the Internet, Dr. Radia
  Perlman and Charlie Kaufman
- Mobile Code Security and Java 2 Architecture, Dr. Gary McGraw
- Cryptography 101, Dr. Aviel D. Rubin
- Public Key Infrastructure - The Truth and How to Find It, Dr. Daniel
  E. Geer, Jr.
- An Introduction to Intrusion Detection Technology, Mr. Mark Wood 

FOR MORE INFORMATION contact the Internet Society:
  Internet Society, 11150 Sunset Hills Road, Reston, VA, 20190 USA
  Phone: +1-703-326-9880         Fax: +1-703-326-9881
  E-mail: ndss2000reg@isoc.org   URL: http://www.isoc.org/ndss2000/

SPONSORSHIP OPPORTUNITIES AVAILABLE!  Take advantage of this high
visibility event.  Contact Carla Rosenfeld at the Internet Society
at +1-703-326-9880 or send e-mail to carla@isoc.org.

THE INTERNET SOCIETY is a non-governmental organization for global
cooperation and coordination for the Internet and its
internetworking technologies and applications.



From owner-ietf-smime@imc.org  Mon Jan 24 10:36:41 2000
Received: from ns.secondary.com (ns.secondary.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA11090
	for <smime-archive@odin.ietf.org>; Mon, 24 Jan 2000 10:36:40 -0500 (EST)
Received: by ns.secondary.com (8.9.3/8.9.3) id GAA05128
	for ietf-smime-bks; Mon, 24 Jan 2000 06:39:03 -0800 (PST)
Received: from ietf.org (odin.ietf.org [132.151.1.176])
	by ns.secondary.com (8.9.3/8.9.3) with ESMTP id GAA05124
	for <ietf-smime@imc.org>; Mon, 24 Jan 2000 06:39:01 -0800 (PST)
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA08480;
	Mon, 24 Jan 2000 09:40:27 -0500 (EST)
Message-Id: <200001241440.JAA08480@ietf.org>
To: IETF-Announce: ;
Cc: RFC Editor <rfc-editor@isi.edu>
Cc: Internet Architecture Board <iab@isi.edu>
Cc: ietf-smime@imc.org
From: The IESG <iesg-secretary@ietf.org>
Subject: Document Action: Methods for Avoiding the 'Small-Subgroup'
	 Attacks on the Diffie-Hellman Key Agreement Method for S/MIME
	 to Informational
Date: Mon, 24 Jan 2000 09:40:27 -0500
Sender: owner-ietf-smime@imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>



The IESG has approved the Internet-Draft 'Methods for Avoiding the
'Small-Subgroup' Attacks on the Diffie-Hellman Key Agreement Method for
S/MIME' <draft-ietf-smime-small-subgroup-03.txt> as an Informational
RFC.  This document is the product of the S/MIME Mail Security Working
Group.  The IESG contact persons are Jeffrey Schiller and Marcus
Leech.


From owner-ietf-smime@imc.org  Mon Jan 24 14:06:56 2000
Received: from ns.secondary.com (ns.secondary.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA19494
	for <smime-archive@odin.ietf.org>; Mon, 24 Jan 2000 14:06:56 -0500 (EST)
Received: (from majordomo@localhost)
	by ns.secondary.com (8.9.3/8.9.3) id KAA08613
	for ietf-smime-bks; Mon, 24 Jan 2000 10:19:15 -0800 (PST)
Received: from sentry (firewall-user@sentry.gw.tislabs.com [192.94.214.100])
	by ns.secondary.com (8.9.3/8.9.3) with ESMTP id KAA08609
	for <ietf-smime@imc.org>; Mon, 24 Jan 2000 10:19:13 -0800 (PST)
Received: by sentry; id NAA28292; Mon, 24 Jan 2000 13:22:05 -0500 (EST)
Received: from clipper.gw.tislabs.com(10.33.1.2) by sentry.gw.tislabs.com via smap (V5.5)
	id xma028281; Mon, 24 Jan 00 13:21:11 -0500
Received: (from balenson@localhost)
	by clipper.gw.tislabs.com (8.9.3/8.9.1) id NAA12546
	for ietf-smime@imc.org; Mon, 24 Jan 2000 13:17:00 -0500 (EST)
Date: Mon, 24 Jan 2000 13:17:00 -0500 (EST)
From: "David M. Balenson" <balenson@tislabs.com>
Message-Id: <200001241817.NAA12546@clipper.gw.tislabs.com>
To: ietf-smime@imc.org
Subject: Last chance to register for NDSS 2000
Sender: owner-ietf-smime@imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>


L A S T   C H A N C E   -  R E G I S T E R   F O R   N D S S   2 0 0 0

THE INTERNET SOCIETY'S
Year 2000 NETWORK AND DISTRIBUTED SYSTEM SECURITY (NDSS) SYMPOSIUM
February 2-4, 2000
Catamaran Resort Hotel, San Diego, California
General Chair:   Steve Welke, Trusted Computer Solutions
Program Chairs:  Gene Tsudik, USC/Information Sciences Institute
		 Avi Rubin, AT&T Labs - Research

ONLINE INFORMATION AND REGISTRATION:  http://www.isoc.org/ndss2000
REGISTER ONLINE ON OR BEFORE WEDNESDAY, JANUARY 26
REGISTER ONSITE AFTER WEDNESDAY, JANUARY 26

The 7th annual NDSS Symposium brings together researchers,
implementers, and users of network and distributed system security
technologies to discuss today's important security issues and
challenges.  The Symposium provides a mix of technical papers and
panel presentations that describe promising new approaches to
security problems that are practical and, to the extent possible,
have been implemented.  NDSS fosters the exchange of technical
information and encourages the Internet community to deploy available
security technologies and develop new solutions to unsolved problems.

KEYNOTE SPEAKER: Gene Spafford, Professor of Computer Sciences at
Purdue University, an expert in information security, computer crime
investigation and information ethics.  Spaf (as he is known to his
friends, colleagues, and students) is director of the Purdue CERIAS
(Center for Education and Research in Information Assurance and
Security), and was the founder and director of the (now superseded)
COAST Laboratory. 

THIS YEAR'S TOPICS INCLUDE:
- Automated Detection of Buffer Overrun Vulnerabilities
- User-Level Infrastructure for System Call Interposition
- Optimized Group Rekey for Group Communication Systems
- IPSec-based Host Architecture for Secure  Internet Multicast
- The Economics of Security
- Automatic Generation of Security Protocols
- Security Protocols for SPKI-based Delegation Systems
- Secure Border Gateway Protocol (S-BGP)
- Analysis of a Fair Exchange Protocol
- Secure Password-Based Protocols for TLS
- Chameleon Signatures
- Lightweight Tool for Detecting Web Server Attacks
- Adaptive and Agile Applications Using Intrusion Detection
- Secure Virtual Enclaves
- Encrypted rlogin Connections Created With Kerberos IV
- Accountability and Control of Process Creation in Metasystems
- Red Teaming and Network Security

PRE-CONFERENCE TECHNICAL TUTORIALS:
- Network Security Protocol Standards, Dr. Stephen T. Kent
- Deployed and Emerging Security Systems for the Internet, Dr. Radia
  Perlman and Charlie Kaufman
- Mobile Code Security and Java 2 Architecture, Dr. Gary McGraw
- Cryptography 101, Dr. Aviel D. Rubin
- Public Key Infrastructure - The Truth and How to Find It, Dr. Daniel
  E. Geer, Jr.
- An Introduction to Intrusion Detection Technology, Mr. Mark Wood 

FOR MORE INFORMATION contact the Internet Society:
  Internet Society, 11150 Sunset Hills Road, Reston, VA, 20190 USA
  Phone: +1-703-326-9880         Fax: +1-703-326-9881
  E-mail: ndss2000reg@isoc.org   URL: http://www.isoc.org/ndss2000/

SPONSORSHIP OPPORTUNITIES AVAILABLE!  Take advantage of this high
visibility event.  Contact Carla Rosenfeld at the Internet Society
at +1-703-326-9880 or send e-mail to carla@isoc.org.

THE INTERNET SOCIETY is a non-governmental organization for global
cooperation and coordination for the Internet and its
internetworking technologies and applications.



From owner-ietf-smime@imc.org  Mon Jan 24 23:39:44 2000
Received: from ns.secondary.com (ns.secondary.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA06151
	for <smime-archive@odin.ietf.org>; Mon, 24 Jan 2000 23:39:43 -0500 (EST)
Received: (from majordomo@localhost)
	by ns.secondary.com (8.9.3/8.9.3) id UAA03055
	for ietf-smime-bks; Mon, 24 Jan 2000 20:03:34 -0800 (PST)
Received: from dfssl.exchange.microsoft.com ([131.107.88.59])
	by ns.secondary.com (8.9.3/8.9.3) with SMTP id UAA03050
	for <ietf-smime@imc.org>; Mon, 24 Jan 2000 20:03:32 -0800 (PST)
Received: from 127.0.0.1 by dfssl.exchange.microsoft.com (InterScan E-Mail VirusWall NT); Mon, 24 Jan 2000 19:31:01 -0800 (Pacific Standard Time)
Received: by dfssl with Internet Mail Service (5.5.2650.21)
	id <DFRQ0FSK>; Mon, 24 Jan 2000 19:31:01 -0800
Message-ID: <CC2E64D4B3BAB646A87B5A3AE9709042041B98EB@speak.platinum.corp.microsoft.com>
From: Jim Schaad <jimsch@EXCHANGE.MICROSOFT.com>
To: 'Pedro Félix' <pfelix@isel.pt>,
        Tolga Acar
	 <TACAR@novell.com>, ietf-pkix@imc.org
Cc: "Ietf-Smime (E-mail)" <ietf-smime@imc.org>
Subject: RE: Binding between keys and schemes?
Date: Mon, 24 Jan 2000 19:30:54 -0800
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01BF66E4.98F2C2AA"
Sender: owner-ietf-smime@imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>

My personal opinion on this issue is that in the absence of other knowledge
PKCS1-v1_5 would be used.  If the S/MIME capabilities contained the OID for
OAEP, then it could be used instead.  The certificate does not state which
scheme is to be used (just as it does not state that 3DES or RC5 should be
the bulk encryption algorithm used).

jim

-----Original Message-----
From: Pedro Félix [mailto:pfelix@isel.pt]
Sent: Friday, January 21, 2000 2:26 AM
To: Tolga Acar; ietf-pkix@imc.org
Subject: Re: Binding between keys and schemes?

First of all, thanks for your reply.

I apologise for not making my question clear.

When I asked about the binding between a key and a scheme, I was not
referring to the scheme used to sign the certificate.

Let's suppose that ALICE, running protocol P, wants to send a PKCS#7
Envelope to BOB, and has an X.509 certificate of BOB's public key (with
rsaEncryption OID on the subjectPublicKeyInfo field). The certificate was
signed with scheme X (e.g. DSA) and was correctly verified by ALICE using
that scheme.
Which ENCRYPTION scheme should ALICE use to build the Envelope?
(RSAES-PKCS1-v1_5, RSAES-OAEP, ...)
Probably ALICE would want to use the new RSAES-OAEP, but does BOB support
it?
If I understood you correctly, this binding between the key and the scheme
IS NOT made by an X.509 certificate (except when the relation is 1-1) and has
to be built by other means (possibly defined by the protocol P). Am I
right?

I assume that the source of my initial confusion comes from the fact that,
in PKCS#1, the same OID (rsaEncryption) is used to identify both a key and
an encryption scheme.

Once again, I thank you for your reply

Best regards

- Pedro Felix
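
[Added example, not part of the archived message or of any S/MIME implementation.] The selection rule discussed in the message above, sketched in Python: parse a recipient's DER-encoded SMIMECapabilities, use RSAES-OAEP only if its OID is advertised, and otherwise fall back to PKCS1-v1_5. The sample capability blobs are constructed for illustration, and treating an unparseable blob as "no knowledge" is an assumption of this sketch.

```python
# Added example: pick the RSA key-transport scheme from SMIMECapabilities.
# SMIMECapabilities ::= SEQUENCE OF SEQUENCE { capabilityID OID, parameters ANY OPTIONAL }

OID_RSA_ENCRYPTION = "1.2.840.113549.1.1.1"  # rsaEncryption: key type and PKCS1-v1_5 transport
OID_RSAES_OAEP = "1.2.840.113549.1.1.7"      # id-RSAES-OAEP
OID_DES_EDE3_CBC = "1.2.840.113549.3.7"      # 3DES, a bulk cipher capability

# Constructed sample data (not taken from any real certificate or message).
BOB_WITH_OAEP = bytes.fromhex(
    "3019"                          # SEQUENCE, 25 bytes
    "300a06082a864886f70d0307"      #   { des-ede3-cbc }
    "300b06092a864886f70d010107"    #   { id-RSAES-OAEP }
)
BOB_LEGACY = bytes.fromhex("300c" "300a06082a864886f70d0307")  # 3DES only


def read_tlv(buf, pos):
    """Read one DER TLV (low-tag-number form) at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:end], end


def decode_oid(value):
    """Decode the content octets of an OBJECT IDENTIFIER to dotted form."""
    if not value or value[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, n = [], 0
    for b in value:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last octet of this arc
            arcs.append(n)
            n = 0
    first = arcs[0]  # the first two arcs are packed as 40 * a + b
    head = [0, first] if first < 40 else [1, first - 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in head + arcs[1:])


def parse_capability_oids(der):
    """Return the capabilityID OIDs in preference order; parameters are skipped."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single SEQUENCE")
    oids, pos = [], 0
    while pos < len(body):
        tag, cap, pos = read_tlv(body, pos)
        if tag != 0x30:
            raise ValueError("capability is not a SEQUENCE")
        oid_tag, oid_value, _ = read_tlv(cap, 0)
        if oid_tag != 0x06:
            raise ValueError("capabilityID is not an OID")
        oids.append(decode_oid(oid_value))
    return oids


def choose_key_transport(capabilities_der):
    """Scheme OID the sender should use for an rsaEncryption recipient key.

    The certificate only says the key is RSA; the scheme comes from the
    recipient's advertised capabilities, with PKCS1-v1_5 as the default.
    """
    if capabilities_der is None:  # no capabilities known for this recipient
        return OID_RSA_ENCRYPTION
    try:
        advertised = parse_capability_oids(capabilities_der)
    except ValueError:  # assumption: a malformed blob counts as no knowledge
        return OID_RSA_ENCRYPTION
    return OID_RSAES_OAEP if OID_RSAES_OAEP in advertised else OID_RSA_ENCRYPTION


if __name__ == "__main__":
    for name, caps in [("OAEP-capable", BOB_WITH_OAEP), ("legacy", BOB_LEGACY), ("unknown", None)]:
        print(name, "->", choose_key_transport(caps))
```
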


