
COST PEM PCA Policy Statement

1993-09-10 08:45:00
I retrieved according to the following instructions:  "Interested users may
retrieve COST's official PEM policy statement by sending the e-mail letter
To: cost-pem(_at_)cost(_dot_)dsv(_dot_)su(_dot_)se with Subject: PEM Policy 
Request."

I received the following document (modulo repairs to account for tabs).  I
have a few questions.

How can the document say "COST--PEM system is implemented fully in
accordance with the official Internet RFC 1421-1424 PEM specifications",
and then go on to have phrases like "Contrary to the PEM RFCs
specifications ... "?

Putting on our user hat, do we think that this policy is specific enough to
give us a warm fuzzy feeling about the assurance we are getting?  What do
we think about those prices?

(Tongue in cheek)  If correct display of the policy statement depends on
local tab settings, how likely is it that the PEM implementation will work
when we get it?


Regards, -Rob-

Robert W. Shirey, The MITRE Corporation, Mail Stop Z202
7525 Colshire Drive, McLean, Virginia  22102-3481  USA
shirey(_at_)mitre(_dot_)org * tel 703.883.7210 * fax 703.883.1397
---------------------------------------------------------------------------------

Date: Thu, 9 Sep 93 16:29:51 +0200
From: COST-PEM Manager <cost-pem(_at_)sec3(_dot_)dsv(_dot_)su(_dot_)se>
To: shirey(_at_)mitre(_dot_)org
Subject: PEM Policy Reply
X-Mdf: Mail for shirey sent to shirey(_at_)smiley(_dot_)mitre(_dot_)org 

+----------------------------------------------------------+
|  COST International Consortium                           |
|       Computer Security Technologies AB                  |
|       Stockholm, Sweden                                  |
+----------------------------------------------------------+
|  C O S T --- P E M                                       |
|       Internet Privacy Enhanced Mail (PEM)               |
|       (Version 1.0)                                      |
+----------------------------------------------------------+ 


This document is created and issued in accordance with the PEM
specifications (RFC 1422, Section 3.4.3: Policy Certification Authorities).
It describes and clarifies to 

(a) potential users of the COST--PEM system, and 

(b) to other PEM PCAs and CAs

COST Certificate Authority policy concerning: 

(1) availability and distribution of the COST--PEM system, 

(2) rules and procedures for registration of new PEM users, 

(3) protocols for management of certificates, and 

(4) CRL procedures and policies.


This Document consists of two parts: the first part is the brief
description of the COST--PEM system. The second part is COST Consortium
Policy statement.

COST--PEM system is implemented fully in accordance with the official
Internet RFC 1421-1424 PEM specifications, but the first part of this
Document is included as a brief description of the COST--PEM
implementation, its functions, and usage.

The second part of this Document is the COST Consortium Policy statement
and it covers the distribution of the COST--PEM system and usage of COST
Certificate Authorities, as required by the PEM RFCs.



+----------------------------------------------------------+
|  Description of the COST--PEM System                     |
|       (Functions, Structure and Usage)                   |
+----------------------------------------------------------+ 


1. Introduction: COST--PEM System
---------------------------------------------- 

COST--PEM is a Privacy Enhanced Mail system for Internet mail, implemented
completely according to the Internet PEM standards: RFC 1421, RFC 1422, RFC
1423, and RFC 1424 (subsequently called: PEM RFCs). It provides three basic
PEM functions: (1) full X.509 certificate management, (2) user's creation
of PEM letters and their submission into a standard Internet mail system,
and (3) user's receipt of PEM letters, their recovery and verification. 

X.509 certificate management system supports all functions: generation of
certificates, signing of certificates, distribution of certificates, and
revocation of certificates.

User's PEM functions are all those recommended in the PEM RFCs. These
functions are based on use of certificates. 

In the current version, COST--PEM has two limitations, as compared to the
PEM RFCs:

1. Certificate management system is based only on public key cryptography,
and symmetric (secret) key systems are not supported.

2. Mail for mailing lists is not implemented. 

These restrictions will be eliminated in the subsequent versions of the
COST--PEM systems.


2. The Structure and Functions of the COST--PEM System
------------------------------------------------------ 

COST--PEM is a secure E--mail system which provides users of Internet
network the possibilities to extend their standard mail systems with
additional security features. With the PEM system users may create
protected letters, receive and verify protected letters, guarantee sender's
authenticity to all potential receivers, as well as provide receiver's
authenticity to the sender.

Besides basic functions of creating and sending, and subsequently receiving
and verifying the E--mail letters, one important component of the COST--PEM
system is the certificate management system. It is based on the X.509
specifications. Secret user keys are stored on protected diskettes.

COST--PEM system consists of two subsystems, i.e. (a) X.509 certificate
management system, and (b) PEM user functions. 


X.509 Certificate Management System
-----------------------------------

X.509 certificate management system consists of Certificate Authority (CA)
servers and protocols to perform all certificate management functions. CA
servers must be organized in the hierarchy, as defined in the X.509
standard. Variable structure of the CAs hierarchy may be installed for each
corporate (company) PEM user, according to relevant organizational and
operational criteria. COST Computer Security Technologies in Sweden will
function (just as the initiation of an international certificate hierarchy)
as the top level international CA for the COST--PEM. COST as the CA
currently signs the top level certificates of all other PEM participants
using COST PEM software. 

The second component of the X.509 system is the set of all certificate
management protocols which enable all servers to generate their
certificates, sign lower level certificates, communicate mutually and also
with their associated users on the lowest level of the hierarchy. These
protocols are performed automatically, through the set of specially
designed PEM letters.



COST--PEM User Functions
-------------------------

The second component of the PEM system is the set of user security
functions. They are implemented on user workstations (all three major types
of user workstations are supported: PCs, Macintosh and UNIX PEM user
workstations are available). User secret keys are stored on protected
diskettes. If the workstation has no diskette unit, the secret keys are
stored on the local disk. (Extended version of the COST--PEM system, based
on usage of COST smart cards is currently under development.)

Users may register themselves, generate their own certificates, send them
for signatures, create and send, also retrieve and verify PEM letters, and
retrieve and verify partners' certificates. All user PEM functions and
their communications with local CAs are implemented by a set of friendly,
transparent functions.

The system must be initially installed in the "top--down" approach: first
the central, top level COST CA must be established (its certificate is
"self--signed"). This CA has already been established and its address is 

cost-pem(_at_)cost(_dot_)dsv(_dot_)su(_dot_)se

With this CA, lower level CAs may be installed, they may generate their
certificates and send to the central CA (COST) for signature. When
returned, they may further sign the certificates of lower CAs or local
users. 

Finally, when certificates of the lowest level CAs (user CAs) are signed,
users may start their own certificate generation and their submission to
local CAs for signature. Upon return, users may create and receive PEM
letters from other PEM users. PEM users may also send and receive E--mail
letters from users who don't have the PEM system. 



+----------------------------------------------------------+
|  COST Consortium Policy Statement                        |
+----------------------------------------------------------+ 

This part of this Document is the COST Consortium Policy statement and it
is structured according to the PEM RFC 1422, Section 3.4.3:



1. COST International PCA: Identity
------------------------------------

COST International consortium will serve as the top level PCA for the
COST--PEM system. It will establish a number of national organizations,
each serving as national CAs, while COST International consortium will be
the international PCA (located in Sweden). The certificates of the national
CAs will be signed by the COST International certificate. 

The current postal address of the COST International consortium is:

COST Computer Security Technologies AB
Barnhemsvagen 12
165 76 Hasselby, Sweden

Other contacts for the COST International consortium are: 

Person          : Sead Muftic
E-mail address  : sead(_at_)dsv(_dot_)su(_dot_)se
Telephone       : +46-8-16 16 92
Fax             : +46-8-703-9025


Currently there is only one international (top level) CA at the E--mail address:

cost-pem(_at_)cost(_dot_)dsv(_dot_)su(_dot_)se



2. COST International PCA: Scope of Activities
----------------------------------------------- 

COST International will serve as an international PCA. It will establish
and serve a number of lower hierarchical levels CAs. Below COST
International there will be a number of national CAs. They will be
established in each country.

In case of further interest and widespread use of the COST--PEM system,
COST will establish CAs at levels lower than national CAs. In that case
their certificates will be signed by national CAs.

This version of the COST--PEM supports PCA and CAs which serve only
organizational and residential CAs and users. PERSONA users are not
supported, they will be implemented in some of the subsequent versions of
COST--PEM. 



3. COST International PCA: Security and Privacy
----------------------------------------------- 

COST consortium and its associated members will use advanced security
technologies to protect COST--PEM software and its security parameters. All
private keys will be kept encrypted and all procedures using those keys (to
sign certificates) will delete all instances of those keys after usage.
Soon, COST smart cards will be used for additional protection of secret
keys and signature algorithms. 

COST--PEM system will be a part of a larger security system implemented at
each workstation where PCA or CA software is used (in local networks). That
security system will use special passwords and encryption techniques to
protect PEM programs and sensitive information belonging to the PEM system.
Each PEM resource will be protected against unauthorized modification,
duplication or unauthorized usage.



4. COST International PCA: Certification Policy
------------------------------------------------ 

In this stage, COST International as the PCA will certify only those lower
level PCAs and CAs which are using COST--PEM software. Through specially
designed procedures for tuning up the PEM software before its distribution,
COST will perform verification of PCAs' and CAs' identities,
authorizations, and "locations" in the hierarchy. Therefore COST Consortium
will run HIGH ASSURANCE PCA and CA procedures for its customers.

Certification policy will be organized in a strict hierarchy of
certificates. This hierarchy will be based on Internet DN conventions and
E--mail addressing schemes (RFC 822). RFC 822 addresses are converted to
the DNs so that the top level name domain (the rightmost element in the
E--mail address) is treated as Country (C), the next lower level
sub--domain as Organization (O), the rest of the domain name as
Organizational Unit (OU), while the Full Name part of the RFC 822 address
is treated as Common Name. In such a way no conflict between DNs may
appear. The hierarchy of certificates, uniqueness and verification of DNs
and binding of PCA, CAs and users will be enforced through the structure
and functioning of the COST--PEM software: the modules will be initialized
in such a way to ensure all these requirements.

The COST PCA and other CAs will impose the maximum validity time interval
for the issued certificates. That interval (in this version of the COST
PEM) is two years. 



5. COST International PCA: CRL Management
----------------------------------------- 

Certificate revocation will be performed if requested by the subject that
possesses the certificate. Subjects should request certificate revocation if
they suspect that the private component of the RSA key pair has been
compromised, if identifying information contained in the certificate has
changed or if the validity interval of the certificate has expired.

The COST PCA and each CA will keep the list of revoked certificates (CRL).
Each list will contain: 

a. revoked certificates of subordinate CAs, and 

b. revoked certificates of superior CAs and the PCA. 

CRLs will be updated with the expired certificates and with existing
current certificates, when a new request for a certificate is received.

Contrary to the PEM RFCs specifications, the CRLs will not be distributed
through the hierarchy. They will be kept by CAs as the local CRL database.
The CRLs will be used to reply to user requests for distribution or
verification of particular certificates.

The use of the CRLs will be based on various types of PEM letters, those
defined by the RFC 1424 document and some additional letters, needed to
support all types of CRL management functions.



6. COST International PCA: Naming Conventions
---------------------------------------------- 

COST PCA, CAs and users' names will be full Internet E-mail addresses. Some
regulations, restrictions and mutual hierarchical relations are described
in the product documentation.

COST Consortium will try through cooperation with national Internet naming
authorities to establish standard ("easy-to-remember") names for PCAs and
CAs. They will be either in the form

cost-pem @ cost.<country>

or at least in the form

cost-pem @ cost.<domain>



7. COST International PCA: Business Issues
------------------------------------------ 

COST International Consortium will distribute and run COST--PEM system on a
commercial basis.

The initial contract between COST International consortium and other
interested parties will include: (1) CA software to implement the
corresponding CA hierarchy for certificate management, (2) user PEM
software, (3) manuals with installation and usage instructions, and (4)
assistance in setting up the PEM system.

Annual fees will also be charged to cover: (1) operational expenses of the
COST PCA and CAs, (2) maintenance of software, (3) signing and verification
of certificates, (4) maintenance and usage of the CRLs.

Currently, the suggested price is 2.000 US $ for the central mail server
(CA) and 400 US $ for each user PEM agent at user workstation. Various
volume discount schemes are available, as well as other business
arrangements. Currently, in 1993 annual operational fees will not be
charged.



8. COST International PCA: Other Relevant Aspects
------------------------------------------------- 

COST--PEM has currently completed its alpha testing stage and it is in its
beta testing stage. It has been designed, implemented and tested by COST
International according to the current PEM RFCs.

Therefore, this statement is issued on the limited basis, for the limited
number of interested parties, to participate in the beta testing stage.
COST--PEM system is currently offered with the deferred payment, which is
due after one month of the trial period, after installation. Within the
trial period COST International consortium does not give any guarantees for
complete functioning of the system. It will, however, do all possible
efforts to give full assistance to customers in setting up and using the
system and it will do whatever necessary, eventually, to correct the
COST--PEM system. COST International states that the PEM system was tested
to the best of our knowledge and that it will do all the reasonable efforts
to correct any errors or mistakes. 

For the interested parties (potential customers) the next step would be to
specify the interest for installing the PEM system. The E--mail letter
should be sent 

TO: sead(_at_)dsv(_dot_)su(_dot_)se,
SUBJECT: PEM Installation.

The letter should specify:

1. The type of the machine where the E-mail is installed
2. The domain name of the mail server
3. The total number of the local PEM user workstations and their types
   (PC, Mac, UNIX)

In the reply the customer will receive the total price of the system, terms
of deferred payment, and further ordering, shipment, and installation
procedures.



COST International Consortium
Stockholm, Sweden
1 January 1993


<End of Document>
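The RFC 822-to-DN conversion that section 4 of the forwarded policy statement describes, as an added example (not COST's code and not part of the original post), run over constructed sample addresses including the two that appear in the thread. It assumes the "Full Name" is the display-name part of a `Full Name <user@domain>` address and falls back to the local part when no display name is present, which the statement does not specify; the collision check at the end shows what the stated mapping implies when two mailboxes in one domain carry the same Full Name.

```python
import re
from typing import Dict, List, Tuple

# Matches "Full Name <local@domain>", '"Full Name" <local@domain>' and a bare
# "local@domain".  This regex is an assumption of this example, not COST's parser.
ADDR_RE = re.compile(
    r'^\s*(?:"?(?P<name>[^"<]*?)"?\s*<)?(?P<local>[^@<>\s]+)@(?P<domain>[^>\s]+)>?\s*$'
)


def rfc822_to_dn(addr: str) -> List[Tuple[str, str]]:
    """Map an RFC 822 address to a DN by the rule in section 4 of the statement:
    rightmost domain label -> C, next label -> O, remaining labels -> OU,
    Full Name -> CN.  Fallback of CN to the local part is this example's assumption."""
    m = ADDR_RE.match(addr)
    if not m:
        raise ValueError(f"not an RFC 822 address: {addr!r}")
    labels = m.group("domain").lower().rstrip(".").split(".")
    if len(labels) < 2:
        raise ValueError(f"domain needs at least two labels: {addr!r}")
    dn = [("C", labels[-1]), ("O", labels[-2])]
    if len(labels) > 2:
        # Everything left of the organization label becomes one OU value.
        dn.append(("OU", ".".join(labels[:-2])))
    name = (m.group("name") or "").strip() or m.group("local")
    dn.append(("CN", name))
    return dn


def dn_string(dn: List[Tuple[str, str]]) -> str:
    """Render a DN as a comma-separated attribute string."""
    return ", ".join(f"{k}={v}" for k, v in dn)


def find_collisions(addrs: List[str]) -> Dict[str, List[str]]:
    """Return the DNs produced by more than one distinct address.  Because the
    local part is not carried into the DN, two mailboxes in the same domain
    with the same Full Name collide under this mapping."""
    seen: Dict[str, List[str]] = {}
    for a in addrs:
        seen.setdefault(dn_string(rfc822_to_dn(a)), []).append(a)
    return {dn: lst for dn, lst in seen.items() if len(lst) > 1}


if __name__ == "__main__":
    # Constructed sample input; the first two addresses appear in the thread.
    sample = [
        "Sead Muftic <sead@dsv.su.se>",
        "shirey@mitre.org",
        "Sead Muftic <muftic@dsv.su.se>",
    ]
    for a in sample:
        print(f"{a:35} -> {dn_string(rfc822_to_dn(a))}")
    print("collisions:", find_collisions(sample))
```

Note that under this rule a top-level domain such as "org" lands in the Country attribute, as the shirey@mitre.org line shows.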