Newsgroups: info.pem-dev
Path: kikn
From: kikn(_at_)flab(_dot_)Fujitsu(_dot_)Co(_dot_)JP (Hiroaki KIKUCHI)
Subject: FJPEM1.0, trial run on WIDE Internet in Japan
Message-ID: <KIKN(_dot_)94Mar15125405(_at_)oden(_dot_)flab(_dot_)Fujitsu(_dot_)Co(_dot_)JP>
Sender: news(_at_)flab(_dot_)fujitsu(_dot_)co(_dot_)jp
Nntp-Posting-Host: oden.center.flab.fujitsu.co.jp
Organization: I.P.N.C., Fujitsu Laboratories Ltd., Atsugi, Japan
Distribution: info
Date: Tue, 15 Mar 1994 03:54:05 GMT
Lines: 110
-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Proc-Type:4,MIC-CLEAR
Content-Domain:RFC822
Originator-Certificate:
Issuer-Certificate:
MIC-Info: RSA-MD5,RSA,
WIZ4J8oT0o9M0lLLm6xtHYnbu679kQABA4zN+D3kWd/MBxFAndtTPUKKxVpB/uAK
8sWQs+tsD5it0EReDXHBJY==
Dear PEM developers,
On March 4th, we started a trial run of PEM on WIDE Internet,
the biggest Japanese academic Internet. We now have about 170 users
from 63 domains including companies and universities. Our implementation,
FJPEM ver1.0, uses the Osisec RSA library, GNU DES library, MD2, MD5 message
digest, and base 64 encoding function.
FJPEM is now running on about 10 platforms including Sun, Sony,
IBM, and (of course) Fujitsu.
We have some interfaces to several MTAs: mhe, rmail, VM, mh.
The following are the FJPEM-specific extensions to the RFC standards.
1. Specifying DNS email addresses in Traditional DN's
Since X.500 directory service is not so popular yet in Japan,
we encode the rfc822 style (DNS) email address in the traditional DN,
as shown in a portion of this message. For example, my certificate
contains
<{C=JP}, {O="Fujitsu Laboratories Ltd."}, {OU="IP Network Center"},
{CN={"Hiroaki Kikuchi", RM="kikn(_at_)flab(_dot_)fujitsu(_dot_)co(_dot_)jp"}}>.
2. Extended canonical form for Japanese characters
We Japanese use several variations of Japanese Industrial Standard
(JIS) code to communicate within the Japanese Internet, just like
ASCII and EBCDIC. In addition, these are often translated by
MTAs or MTUs automatically. So we have to be careful
when we communicate with MIC-CLEAR.
FJPEM unifies several JIS codes when the MIC is calculated
on both sides.
3. Single CA, and Multi notary
We have only a single certification authority, called WIDE-CA.
Instead of partitioning WIDE Internet with several CAs, we
decided to have a unique CA which issues certificates only for PEM-signed
certificate requests. Thus, every PEM user has to be authenticated by
some other PEM user, who is called a "notary".
There are eleven organizational notaries currently available in Japan.
4. Certificate server.
To retrieve certificates, we use RFC954 (WHOIS) protocol.
Try
% whois -h keyserv.fujitsu.co.jp jp
which shows all PEM users in WIDE Internet.
I am curious to learn how other CAs are operated and how they certify each other.
Here are my questions.
Q1. How many PEM users are there in the world/in each CA?
I heard there are a Low-assurance CA and TIS's commercial CA in the U.S.
and many CAs in Europe.
Q2. For each CA, how are certificate requesters authenticated
for the first time? (Do PEM users have to send something
like a photographed ID together?)
Q3. Has the Internet Policy Registration Authority (IPRA) been established?
If so, how do we register our Policy and how can we be certified by it?
We would like to thank Burton S. Kaliski, Steve Dusse, and
Jeff Thompson at RSA Laboratories, and Peter Williams at University
College London for their advice.
%-------------------------------------------------------------------------
% KIKUCHI Hiroaki, Info. Proc. Network Center, Atsugi, Fujitsu Labs. Ltd.
% Nifty RHD01353, Tel +81-462-48-3111(Ext 3852) Facsimile +81-462-48-3233
%-------------------------------------------------------------------------
-----END PRIVACY-ENHANCED MESSAGE-----
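Point 2 of the message says FJPEM unifies the JIS variants on both sides before the MIC is calculated. The sketch below is an added example, not FJPEM code: it shows why a digest over the raw bytes breaks when a relay re-encodes a MIC-CLEAR body, and how mapping to one common form first keeps the digest stable. The choice of ISO-2022-JP as the common form, the caller knowing the received charset, and all function names are assumptions; only the MD5 digest is computed, not the RSA step of RSA-MD5.

```python
import hashlib
import re

# Assumption: ISO-2022-JP is the common form. The message does not say
# which JIS variant FJPEM unifies to.
CANONICAL_CHARSET = "iso2022_jp"


def canonicalize(raw: bytes, charset: str) -> bytes:
    """Map a body received in `charset` to one canonical byte string."""
    # Strict decoding: bytes that are invalid for the declared charset raise
    # UnicodeDecodeError instead of being silently replaced.
    text = raw.decode(charset)
    # RFC 1421 canonical text uses CRLF line endings.
    text = re.sub(r"\r\n|\r|\n", "\r\n", text)
    return text.encode(CANONICAL_CHARSET)


def naive_digest(raw: bytes) -> str:
    """MD5 over the bytes exactly as they arrived."""
    return hashlib.md5(raw).hexdigest()


def canonical_digest(raw: bytes, charset: str) -> str:
    """MD5 over the canonical form, as sender and receiver would both do."""
    return hashlib.md5(canonicalize(raw, charset)).hexdigest()


# Constructed sample: one message body as three relays might deliver it.
SAMPLE_TEXT = "PEM test\n署名付きメールの試験です。\n"
VARIANTS = {
    "iso2022_jp": SAMPLE_TEXT.replace("\n", "\r\n").encode("iso2022_jp"),
    "euc_jp": SAMPLE_TEXT.encode("euc_jp"),
    "shift_jis": SAMPLE_TEXT.encode("shift_jis"),
}
# Constructed sample: same charset, one word of the body changed.
TAMPERED = SAMPLE_TEXT.replace("です", "でした").encode("euc_jp")

if __name__ == "__main__":
    for charset, raw in VARIANTS.items():
        print(charset, naive_digest(raw), canonical_digest(raw, charset))
    print("tampered", canonical_digest(TAMPERED, "euc_jp"))
```

Canonicalization only absorbs differences in representation; the tampered body still produces a different digest, so the integrity check keeps its meaning.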