ietf-smime

RE: S-MIME key length

1999-10-28 06:39:09
We, at Blue Cross, are using an SMTP relay with a combined S/MIME Proxy that
stores certificates, performs the encryption, signing, decryption and
validation of signatures at the proxy as the messages pass the proverbial
gate.  It attaches an explanation of the message's security status to
incoming messages.  I have attached the "alert" file itself as an example.
It explains that the certificate was not verifiable because we don't trust
Novell's root certificate yet.

So, we are eating our own dog food, and are not facing a significant
obstacle with 2048 bit keys.  We will trust the root certificate and monitor
the status of new, incoming, signed messages.  Further bulletins will follow
as events warrant.

Jon Ward
Senior Systems Analyst/Messaging Architecture
Blue Cross Blue Shield of Florida
Voice: +1 (904) 791-6057
Jon(_dot_)Ward(_at_)bcbsfl(_dot_)com



-----Original Message-----
From: BJUENEMAN(_at_)novell(_dot_)com [mailto:BJUENEMAN(_at_)novell(_dot_)com]
Sent: Wednesday, October 27, 1999 7:20 PM
To: dennis(_dot_)glatting(_at_)plaintalk(_dot_)bellevue(_dot_)wa(_dot_)us
Cc: ietf-smime(_at_)imc(_dot_)org
Subject: Re: S-MIME key length


And your signed message causes GroupWise to say, effectively, that
"dennis(_dot_)glatting(_at_)plaintalk(_dot_)bellevue(_dot_)wa(_dot_)us" is not the same person
as the "dennis(_dot_)glatting(_at_)software-munitions(_dot_)com" that was issued a VeriSign
certificate.

But did Communicator complain because you haven't added the
Novell root certificate to your cache of trusted roots, or because your
incoming mail processor modified the contents somehow, or was
there some other kind of problem?

And BTW, has anyone noticed the irony of having these kinds of problems
on this list? Maybe we should all start eating our own dog food, and
actually use the stuff we're building, on this list in particular?

This is signed with a 1024 bit key, using the same root certificate, which 
however uses a 2048 bit key.

Bob

Dennis Glatting <dennis(_dot_)glatting(_at_)plaintalk(_dot_)bellevue(_dot_)wa(_dot_)us> 10/27/99 03:34PM >>>
BJUENEMAN(_at_)novell(_dot_)com wrote:

This message is signed with a 2048 bit key.  So far, I haven't encountered
anyone who hasn't been able to validate the signature with that length key.
Encryption could conceivably be a different issue, depending on whether or
not a recipient is constrained by export and/or import policy.


Funny you should mention that. When I clicked to read your message my
Netscape 4.61 Communicator displays an icon stating "Invalid
Signature".

Attachment: wssalert.txt
Description: Text document
