|
DataMuseum.dkPresents historical artifacts from the history of: DKUUG/EUUG Conference tapes |
This is an automatic "excavation" of a thematic subset of
See our Wiki for more about DKUUG/EUUG Conference tapes Excavated with: AutoArchaeologist - Free & Open Source Software. |
top - metrics - downloadIndex: T U
Length: 198914 (0x30902)
Types: TextFile
Notes: Uncompressed file
└─⟦4f9d7c866⟧ Bits:30007245 EUUGD6: Sikkerheds distributionen
└─⟦6811ac268⟧ »./papers/Secure_Email/m.bishop.priv.enhanced.mail.ps.Z«
└─⟦this⟧
%!
%%BoundingBox: (atend)
%%Pages: (atend)
%%DocumentFonts: (atend)
%%EndComments
%
% FrameMaker PostScript Prolog 2.0, for use with FrameMaker 2.0
% Copyright (c) 1986,87,89 by Frame Technology, Inc. All rights reserved.
%
% Known Problems:
% Due to bugs in Transcript, the 'PS-Adobe-' is omitted from line 1
/FMversion (2.0) def
% Set up Color vs. Black-and-White
/FMPrintInColor systemdict /colorimage known def
% Uncomment this line to force b&w on color printer
% /FMPrintInColor false def
/FrameDict 190 dict def
systemdict /errordict known not {/errordict 10 dict def
errordict /rangecheck {stop} put} if
% The readline in 23.0 doesn't recognize cr's as nl's on AppleTalk
FrameDict /tmprangecheck errordict /rangecheck get put
errordict /rangecheck {FrameDict /bug true put} put
FrameDict /bug false put
mark
% Some PS machines read past the CR, so keep the following 3 lines together!
currentfile 5 string readline
00
0000000000
cleartomark
errordict /rangecheck FrameDict /tmprangecheck get put
FrameDict /bug get {
/readline {
/gstring exch def
/gfile exch def
/gindex 0 def
{
gfile read pop
dup 10 eq {exit} if
dup 13 eq {exit} if
gstring exch gindex exch put
/gindex gindex 1 add def
} loop
pop
gstring 0 gindex getinterval true
} def
} if
/FMVERSION {
FMversion ne {
/Times-Roman findfont 18 scalefont setfont
100 100 moveto
(FrameMaker version does not match postscript_prolog!)
dup =
show showpage
} if
} def
/FMLOCAL {
FrameDict begin
0 def
end
} def
/gstring FMLOCAL
/gfile FMLOCAL
/gindex FMLOCAL
/orgxfer FMLOCAL
/orgproc FMLOCAL
/organgle FMLOCAL
/orgfreq FMLOCAL
/yscale FMLOCAL
/xscale FMLOCAL
/manualfeed FMLOCAL
/paperheight FMLOCAL
/paperwidth FMLOCAL
/FMDOCUMENT {
array /FMfonts exch def
/#copies exch def
FrameDict begin
0 ne dup {setmanualfeed} if
/manualfeed exch def
/paperheight exch def
/paperwidth exch def
setpapername
manualfeed {true} {papersize} ifelse
{manualpapersize} {false} ifelse
{desperatepapersize} if
/yscale exch def
/xscale exch def
currenttransfer cvlit /orgxfer exch def
currentscreen cvlit /orgproc exch def
/organgle exch def /orgfreq exch def
end
} def
/pagesave FMLOCAL
/orgmatrix FMLOCAL
/landscape FMLOCAL
/FMBEGINPAGE {
FrameDict begin
/pagesave save def
3.86 setmiterlimit
/landscape exch 0 ne def
landscape {
90 rotate 0 exch neg translate pop
}
{pop pop}
ifelse
xscale yscale scale
/orgmatrix matrix def
gsave
} def
/FMENDPAGE {
grestore
pagesave restore
end
showpage
} def
/FMDEFINEFONT {
FrameDict begin
findfont
ReEncode
2 index exch
definefont exch
scalefont
FMfonts 3 1 roll
put
end
} bind def
/FMNORMALIZEGRAPHICS {
newpath
0.0 0.0 moveto
1 setlinewidth
0 setlinecap
0 0 0 sethsbcolor
0 setgray
} bind def
/fx FMLOCAL
/fy FMLOCAL
/fh FMLOCAL
/fw FMLOCAL
/llx FMLOCAL
/lly FMLOCAL
/urx FMLOCAL
/ury FMLOCAL
/FMBEGINEPSF {
end
/FMEPSF save def
/showpage {} def
FMNORMALIZEGRAPHICS
[/fy /fx /fh /fw /ury /urx /lly /llx] {exch def} forall
fx fy translate
rotate
fw urx llx sub div fh ury lly sub div scale
llx neg lly neg translate
} bind def
/FMENDEPSF {
FMEPSF restore
FrameDict begin
} bind def
FrameDict begin
/setmanualfeed {
%%BeginFeature *ManualFeed True
statusdict /manualfeed true put
%%EndFeature
} def
/max {2 copy lt {exch} if pop} bind def
/min {2 copy gt {exch} if pop} bind def
/inch {72 mul} def
/pagedimen {
paperheight sub abs 16 lt exch
paperwidth sub abs 16 lt and
{/papername exch def} {pop} ifelse
} def
/papersizedict FMLOCAL
/setpapername {
/papersizedict 14 dict def
papersizedict begin
/papername /unknown def
/Letter 8.5 inch 11.0 inch pagedimen
/LetterSmall 7.68 inch 10.16 inch pagedimen
/Tabloid 11.0 inch 17.0 inch pagedimen
/Ledger 17.0 inch 11.0 inch pagedimen
/Legal 8.5 inch 14.0 inch pagedimen
/Statement 5.5 inch 8.5 inch pagedimen
/Executive 7.5 inch 10.0 inch pagedimen
/A3 11.69 inch 16.5 inch pagedimen
/A4 8.26 inch 11.69 inch pagedimen
/A4Small 7.47 inch 10.85 inch pagedimen
/B4 10.125 inch 14.33 inch pagedimen
/B5 7.16 inch 10.125 inch pagedimen
end
} def
/papersize {
papersizedict begin
/Letter {lettertray} def
/LetterSmall {lettertray lettersmall} def
/Tabloid {11x17tray} def
/Ledger {ledgertray} def
/Legal {legaltray} def
/Statement {statementtray} def
/Executive {executivetray} def
/A3 {a3tray} def
/A4 {a4tray} def
/A4Small {a4tray a4small} def
/B4 {b4tray} def
/B5 {b5tray} def
/unknown {unknown} def
papersizedict dup papername known {papername} {/unknown} ifelse get
end
/FMdicttop countdictstack 1 add def
statusdict begin stopped end
countdictstack -1 FMdicttop {pop end} for
} def
/manualpapersize {
papersizedict begin
/Letter {letter} def
/LetterSmall {lettersmall} def
/Tabloid {11x17} def
/Ledger {ledger} def
/Legal {legal} def
/Statement {statement} def
/Executive {executive} def
/A3 {a3} def
/A4 {a4} def
/A4Small {a4small} def
/B4 {b4} def
/B5 {b5} def
/unknown {unknown} def
papersizedict dup papername known {papername} {/unknown} ifelse get
end
stopped
} def
/desperatepapersize {
statusdict /setpageparams known
{
paperwidth paperheight 0 1
statusdict begin
{setpageparams} stopped pop
end
} if
} def
/savematrix {
orgmatrix currentmatrix pop
} bind def
/restorematrix {
orgmatrix setmatrix
} bind def
/dmatrix matrix def
/dpi 72 0 dmatrix defaultmatrix dtransform
dup mul exch dup mul add sqrt def
/freq dpi 18.75 div 8 div round dup 0 eq {pop 1} if 8 mul dpi exch div def
/sangle 1 0 dmatrix defaultmatrix dtransform exch atan def
/DiacriticEncoding [
/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef /space /exclam /quotedbl
/numbersign /dollar /percent /ampersand /quotesingle /parenleft
/parenright /asterisk /plus /comma /hyphen /period /slash /zero /one
/two /three /four /five /six /seven /eight /nine /colon /semicolon
/less /equal /greater /question /at /A /B /C /D /E /F /G /H /I /J /K
/L /M /N /O /P /Q /R /S /T /U /V /W /X /Y /Z /bracketleft /backslash
/bracketright /asciicircum /underscore /grave /a /b /c /d /e /f /g /h
/i /j /k /l /m /n /o /p /q /r /s /t /u /v /w /x /y /z /braceleft /bar
/braceright /asciitilde /.notdef /Adieresis /Aring /Ccedilla /Eacute
/Ntilde /Odieresis /Udieresis /aacute /agrave /acircumflex /adieresis
/atilde /aring /ccedilla /eacute /egrave /ecircumflex /edieresis
/iacute /igrave /icircumflex /idieresis /ntilde /oacute /ograve
/ocircumflex /odieresis /otilde /uacute /ugrave /ucircumflex
/udieresis /dagger /.notdef /cent /sterling /section /bullet
/paragraph /germandbls /registered /copyright /trademark /acute
/dieresis /.notdef /AE /Oslash /.notdef /.notdef /.notdef /.notdef
/yen /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
/ordfeminine /ordmasculine /.notdef /ae /oslash /questiondown
/exclamdown /logicalnot /.notdef /florin /.notdef /.notdef
/guillemotleft /guillemotright /ellipsis /.notdef /Agrave /Atilde
/Otilde /OE /oe /endash /emdash /quotedblleft /quotedblright
/quoteleft /quoteright /.notdef /.notdef /ydieresis /Ydieresis
/fraction /currency /guilsinglleft /guilsinglright /fi /fl /daggerdbl
/periodcentered /quotesinglbase /quotedblbase /perthousand
/Acircumflex /Ecircumflex /Aacute /Edieresis /Egrave /Iacute
/Icircumflex /Idieresis /Igrave /Oacute /Ocircumflex /.notdef /Ograve
/Uacute /Ucircumflex /Ugrave /dotlessi /circumflex /tilde /macron
/breve /dotaccent /ring /cedilla /hungarumlaut /ogonek /caron
] def
/ReEncode {
dup
length
dict begin
{
1 index /FID ne
{def}
{pop pop} ifelse
} forall
Encoding StandardEncoding eq
{
/Encoding DiacriticEncoding def
}if
currentdict
end
} bind def
/graymode true def
/bwidth FMLOCAL
/bpside FMLOCAL
/bstring FMLOCAL
/onbits FMLOCAL
/offbits FMLOCAL
/xindex FMLOCAL
/yindex FMLOCAL
/x FMLOCAL
/y FMLOCAL
/setpattern {
/bwidth exch def
/bpside exch def
/bstring exch def
/onbits 0 def /offbits 0 def
freq sangle landscape {90 add} if
{/y exch def
/x exch def
/xindex x 1 add 2 div bpside mul cvi def
/yindex y 1 add 2 div bpside mul cvi def
bstring yindex bwidth mul xindex 8 idiv add get
1 7 xindex 8 mod sub bitshift and 0 ne
{/onbits onbits 1 add def 1}
{/offbits offbits 1 add def 0}
ifelse
}
setscreen
{} settransfer
offbits offbits onbits add div FMsetgray
/graymode false def
} bind def
/grayness {
FMsetgray
graymode not {
/graymode true def
orgxfer cvx settransfer
orgfreq organgle orgproc cvx setscreen
} if
} bind def
/HUE FMLOCAL
/SAT FMLOCAL
/BRIGHT FMLOCAL
/Colors FMLOCAL
FMPrintInColor
{
/HUE 0 def
/SAT 0 def
/BRIGHT 0 def
% array of arrays Hue and Sat values for the separations [HUE BRIGHT]
/Colors
[[0 0 ] % black
[0 0 ] % white
[0.00 1.0] % red
[0.37 1.0] % green
[0.60 1.0] % blue
[0.50 1.0] % cyan
[0.83 1.0] % magenta
[0.16 1.0] % comment / yellow
] def
/BEGINBITMAPCOLOR {
BITMAPCOLOR} def
/BEGINBITMAPCOLORc {
BITMAPCOLORc} def
/K {
Colors exch get dup
0 get /HUE exch store
1 get /BRIGHT exch store
HUE 0 eq BRIGHT 0 eq and
{1.0 SAT sub setgray}
{HUE SAT BRIGHT sethsbcolor}
ifelse
} def
/FMsetgray {
/SAT exch 1.0 exch sub store
HUE 0 eq BRIGHT 0 eq and
{1.0 SAT sub setgray}
{HUE SAT BRIGHT sethsbcolor}
ifelse
} bind def
}
{
/BEGINBITMAPCOLOR {
BITMAPGRAY} def
/BEGINBITMAPCOLORc {
BITMAPGRAYc} def
/FMsetgray {setgray} bind def
/K {
pop
} def
}
ifelse
/normalize {
transform round exch round exch itransform
} bind def
/dnormalize {
dtransform round exch round exch idtransform
} bind def
/lnormalize {
0 dtransform exch cvi 2 idiv 2 mul 1 add exch idtransform pop
} bind def
/H {
lnormalize setlinewidth
} bind def
/Z {
setlinecap
} bind def
/X {
fillprocs exch get exec
} bind def
/V {
gsave eofill grestore
} bind def
/N {
stroke
} bind def
/M {newpath moveto} bind def
/E {lineto} bind def
/D {curveto} bind def
/O {closepath} bind def
/n FMLOCAL
/L {
/n exch def
newpath
normalize
moveto
2 1 n {pop normalize lineto} for
} bind def
/Y {
L
closepath
} bind def
/x1 FMLOCAL
/x2 FMLOCAL
/y1 FMLOCAL
/y2 FMLOCAL
/rad FMLOCAL
/R {
/y2 exch def
/x2 exch def
/y1 exch def
/x1 exch def
x1 y1
x2 y1
x2 y2
x1 y2
4 Y
} bind def
/RR {
/rad exch def
normalize
/y2 exch def
/x2 exch def
normalize
/y1 exch def
/x1 exch def
newpath
x1 y1 rad add moveto
x1 y2 x2 y2 rad arcto
x2 y2 x2 y1 rad arcto
x2 y1 x1 y1 rad arcto
x1 y1 x1 y2 rad arcto
closepath
16 {pop} repeat
} bind def
/C {
grestore
gsave
R
clip
} bind def
/U {
grestore
gsave
} bind def
/F {
FMfonts exch get
setfont
} bind def
/T {
moveto show
} bind def
/RF {
rotate
0 ne {-1 1 scale} if
} bind def
/TF {
gsave
moveto
RF
show
grestore
} bind def
/P {
moveto
0 32 3 2 roll widthshow
} bind def
/PF {
gsave
moveto
RF
0 32 3 2 roll widthshow
grestore
} bind def
/S {
moveto
0 exch ashow
} bind def
/SF {
gsave
moveto
RF
0 exch ashow
grestore
} bind def
/B {
moveto
0 32 4 2 roll 0 exch awidthshow
} bind def
/BF {
gsave
moveto
RF
0 32 4 2 roll 0 exch awidthshow
grestore
} bind def
/x FMLOCAL
/y FMLOCAL
/dx FMLOCAL
/dy FMLOCAL
/dl FMLOCAL
/t FMLOCAL
/t2 FMLOCAL
/Cos FMLOCAL
/Sin FMLOCAL
/r FMLOCAL
/W {
dnormalize
/dy exch def
/dx exch def
normalize
/y exch def
/x exch def
/dl dx dx mul dy dy mul add sqrt def
dl 0.0 gt {
/t currentlinewidth def
savematrix
/Cos dx dl div def
/Sin dy dl div def
/r [Cos Sin Sin neg Cos 0.0 0.0] def
/t2 t 2.5 mul 3.5 max def
newpath
x y translate
r concat
0.0 0.0 moveto
dl t 2.7 mul sub 0.0 rlineto
stroke
restorematrix
x dx add y dy add translate
r concat
t 0.67 mul setlinewidth
t 1.61 mul neg 0.0 translate
0.0 0.0 moveto
t2 1.7 mul neg t2 2.0 div moveto
0.0 0.0 lineto
t2 1.7 mul neg t2 2.0 div neg lineto
stroke
t setlinewidth
restorematrix
} if
} bind def
/G {
gsave
newpath
normalize translate 0.0 0.0 moveto
dnormalize scale
0.0 0.0 1.0 5 3 roll arc
closepath fill
grestore
} bind def
/A {
gsave
savematrix
newpath
2 index 2 div add exch 3 index 2 div sub exch
normalize 2 index 2 div sub exch 3 index 2 div add exch
translate
scale
0.0 0.0 1.0 5 3 roll arc
restorematrix
stroke
grestore
} bind def
/x FMLOCAL
/y FMLOCAL
/w FMLOCAL
/h FMLOCAL
/xx FMLOCAL
/yy FMLOCAL
/ww FMLOCAL
/hh FMLOCAL
/FMsaveobject FMLOCAL
/FMoptop FMLOCAL
/FMdicttop FMLOCAL
/BEGINPRINTCODE {
/FMdicttop countdictstack 1 add def
/FMoptop count 4 sub def
/FMsaveobject save def
userdict begin
/showpage {} def
FMNORMALIZEGRAPHICS
3 index neg 3 index neg translate
} bind def
/ENDPRINTCODE {
count -1 FMoptop {pop pop} for
countdictstack -1 FMdicttop {pop end} for
FMsaveobject restore
} bind def
/gn {
0
{ 46 mul
cf read pop
32 sub
dup 46 lt {exit} if
46 sub add
} loop
add
} bind def
/str FMLOCAL
/cfs {
/str sl string def
0 1 sl 1 sub {str exch val put} for
str def
} bind def
/ic [
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0223
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0223
0
{0 hx} {1 hx} {2 hx} {3 hx} {4 hx} {5 hx} {6 hx} {7 hx} {8 hx} {9 hx}
{10 hx} {11 hx} {12 hx} {13 hx} {14 hx} {15 hx} {16 hx} {17 hx} {18 hx}
{19 hx} {gn hx} {0} {1} {2} {3} {4} {5} {6} {7} {8} {9} {10} {11} {12}
{13} {14} {15} {16} {17} {18} {19} {gn} {0 wh} {1 wh} {2 wh} {3 wh}
{4 wh} {5 wh} {6 wh} {7 wh} {8 wh} {9 wh} {10 wh} {11 wh} {12 wh}
{13 wh} {14 wh} {gn wh} {0 bl} {1 bl} {2 bl} {3 bl} {4 bl} {5 bl} {6 bl}
{7 bl} {8 bl} {9 bl} {10 bl} {11 bl} {12 bl} {13 bl} {14 bl} {gn bl}
{0 fl} {1 fl} {2 fl} {3 fl} {4 fl} {5 fl} {6 fl} {7 fl} {8 fl} {9 fl}
{10 fl} {11 fl} {12 fl} {13 fl} {14 fl} {gn fl}
] def
/sl FMLOCAL
/val FMLOCAL
/ws FMLOCAL
/im FMLOCAL
/bs FMLOCAL
/cs FMLOCAL
/len FMLOCAL
/pos FMLOCAL
/ms {
/sl exch def
/val 255 def
/ws cfs
/im cfs
/val 0 def
/bs cfs
/cs cfs
} bind def
400 ms
/ip {
is
0
cf cs readline pop
{ ic exch get exec
add
} forall
pop
} bind def
/wh {
/len exch def
/pos exch def
ws 0 len getinterval im pos len getinterval copy pop
pos len
} bind def
/bl {
/len exch def
/pos exch def
bs 0 len getinterval im pos len getinterval copy pop
pos len
} bind def
/s1 1 string def
/fl {
/len exch def
/pos exch def
/val cf s1 readhexstring pop 0 get def
pos 1 pos len add 1 sub {im exch val put} for
pos len
} bind def
/hx {
3 copy getinterval
cf exch readhexstring pop pop
} bind def
/h FMLOCAL
/w FMLOCAL
/d FMLOCAL
/lb FMLOCAL
/bitmapsave FMLOCAL
/is FMLOCAL
/cf FMLOCAL
/wbytes {
dup
8 eq {pop} {1 eq {7 add 8 idiv} {3 add 4 idiv} ifelse} ifelse
} bind def
/BEGINBITMAPBWc {
1 {} COMMONBITMAPc
} bind def
/BEGINBITMAPGRAYc {
8 {} COMMONBITMAPc
} bind def
/BEGINBITMAP2BITc {
2 {} COMMONBITMAPc
} bind def
/COMMONBITMAPc {
/r exch def
/d exch def
gsave
translate rotate scale /h exch def /w exch def
/lb w d wbytes def
sl lb lt {lb ms} if
/bitmapsave save def
r
/is im 0 lb getinterval def
ws 0 lb getinterval is copy pop
/cf currentfile def
w h d [w 0 0 h neg 0 h]
{ip} image
bitmapsave restore
grestore
} bind def
/BEGINBITMAPBW {
1 {} COMMONBITMAP
} bind def
/BEGINBITMAPGRAY {
8 {} COMMONBITMAP
} bind def
/BEGINBITMAP2BIT {
2 {} COMMONBITMAP
} bind def
/COMMONBITMAP {
/r exch def
/d exch def
gsave
translate rotate scale /h exch def /w exch def
/bitmapsave save def
r
/is w d wbytes string def
/cf currentfile def
w h d [w 0 0 h neg 0 h]
{cf is readhexstring pop} image
bitmapsave restore
grestore
} bind def
/proc1 FMLOCAL
/proc2 FMLOCAL
/newproc FMLOCAL
/Fmcc {
/proc2 exch cvlit def
/proc1 exch cvlit def
/newproc proc1 length proc2 length add array def
newproc 0 proc1 putinterval
newproc proc1 length proc2 putinterval
newproc cvx
} bind def
/ngrayt 256 array def
/nredt 256 array def
/nbluet 256 array def
/ngreent 256 array def
/gryt FMLOCAL
/blut FMLOCAL
/grnt FMLOCAL
/redt FMLOCAL
/indx FMLOCAL
/cynu FMLOCAL
/magu FMLOCAL
/yelu FMLOCAL
/k FMLOCAL
/u FMLOCAL
/colorsetup {
currentcolortransfer
/gryt exch def
/blut exch def
/grnt exch def
/redt exch def
0 1 255 {
/indx exch def
/cynu 1 red indx get 255 div sub def
/magu 1 green indx get 255 div sub def
/yelu 1 blue indx get 255 div sub def
/k cynu magu min yelu min def
/u k currentundercolorremoval exec def
nredt indx 1 0 cynu u sub max sub redt exec put
ngreent indx 1 0 magu u sub max sub grnt exec put
nbluet indx 1 0 yelu u sub max sub blut exec put
ngrayt indx 1 k currentblackgeneration exec sub gryt exec put
} for
{255 mul cvi nredt exch get}
{255 mul cvi ngreent exch get}
{255 mul cvi nbluet exch get}
{255 mul cvi ngrayt exch get}
setcolortransfer
{pop 0} setundercolorremoval
{} setblackgeneration
} bind def
/tran FMLOCAL
/fakecolorsetup {
/tran 256 string def
0 1 255 {/indx exch def
tran indx
red indx get 77 mul
green indx get 151 mul
blue indx get 28 mul
add add 256 idiv put} for
currenttransfer
{255 mul cvi tran exch get 255.0 div}
exch Fmcc settransfer
} bind def
/BITMAPCOLOR {
/d 8 def
gsave
translate rotate scale /h exch def /w exch def
/bitmapsave save def
colorsetup
/is w d wbytes string def
/cf currentfile def
w h d [w 0 0 h neg 0 h]
{cf is readhexstring pop} {is} {is} true 3 colorimage
bitmapsave restore
grestore
} bind def
/BITMAPCOLORc {
/d 8 def
gsave
translate rotate scale /h exch def /w exch def
/lb w d wbytes def
sl lb lt {lb ms} if
/bitmapsave save def
colorsetup
/is im 0 lb getinterval def
ws 0 lb getinterval is copy pop
/cf currentfile def
w h d [w 0 0 h neg 0 h]
{ip} {is} {is} true 3 colorimage
bitmapsave restore
grestore
} bind def
/BITMAPGRAY {
8 {fakecolorsetup} COMMONBITMAP
} bind def
/BITMAPGRAYc {
8 {fakecolorsetup} COMMONBITMAPc
} bind def
/ENDBITMAP {
} bind def
end
%%EndProlog
%%BeginSetup
(2.0) FMVERSION
1 1 612 792 0 1 16 FMDOCUMENT
/fillprocs 32 array def
fillprocs 0 { 0.000000 grayness } put
fillprocs 1 { 0.100000 grayness } put
fillprocs 2 { 0.300000 grayness } put
fillprocs 3 { 0.500000 grayness } put
fillprocs 4 { 0.700000 grayness } put
fillprocs 5 { 0.900000 grayness } put
fillprocs 6 { 0.970000 grayness } put
fillprocs 7 { 1.000000 grayness } put
fillprocs 8 {<0f87c3e1f0783c1e> 8 1 setpattern } put
fillprocs 9 {<0f1e3c78f0e1c387> 8 1 setpattern } put
fillprocs 10 {<cccccccccccccccc> 8 1 setpattern } put
fillprocs 11 {<ffff0000ffff0000> 8 1 setpattern } put
fillprocs 12 {<8142241818244281> 8 1 setpattern } put
fillprocs 13 {<8040201008040201> 8 1 setpattern } put
fillprocs 14 {<03060c183060c081> 8 1 setpattern } put
fillprocs 15 {} put
fillprocs 16 { 1.000000 grayness } put
fillprocs 17 { 0.900000 grayness } put
fillprocs 18 { 0.700000 grayness } put
fillprocs 19 { 0.500000 grayness } put
fillprocs 20 { 0.300000 grayness } put
fillprocs 21 { 0.100000 grayness } put
fillprocs 22 { 0.030000 grayness } put
fillprocs 23 { 0.000000 grayness } put
fillprocs 24 {<f0783c1e0f87c3e1> 8 1 setpattern } put
fillprocs 25 {<f0e1c3870f1e3c78> 8 1 setpattern } put
fillprocs 26 {<3333333333333333> 8 1 setpattern } put
fillprocs 27 {<0000ffff0000ffff> 8 1 setpattern } put
fillprocs 28 {<7ebddbe7e7dbbd7e> 8 1 setpattern } put
fillprocs 29 {<7fbfdfeff7fbfdfe> 8 1 setpattern } put
fillprocs 30 {<fcf9f3e7cf9f3f7e> 8 1 setpattern } put
fillprocs 31 {} put
%%EndSetup
0 12 /Times-Roman FMDEFINEFONT
1 18 /Times-Bold FMDEFINEFONT
2 12 /Times-Italic FMDEFINEFONT
3 10 /Times-Roman FMDEFINEFONT
4 12 /Times-Bold FMDEFINEFONT
%%Page: "1" 1
%%BeginPaperSize: Letter
%%EndPaperSize
612 792 0 FMBEGINPAGE
72 745.99 540 756 R
7 X
0 K
V
72 32.69 540 42.7 R
V
0 F
0 X
(Page 1 of 44) 479.71 34.7 T
72 72 540 720 R
7 X
V
1 F
0 X
(Privacy-Enhanced Electr) 173.24 708 T
(onic Mail) 366.29 708 T
2 F
(Matt Bishop) 274.02 676 T
3 F
(1) 332.99 680.8 T
2 F
(ABSTRACT) 277.68 650 T
0 F
-0.67 (The security of electronic mail sent through the Internet may be described in exactly) 108 630 P
0.67 (three words: there is none. The Privacy and Security Research Group has recom-) 108 616 P
1.94 (mended implementing mechanisms designed to provide security enhancements.) 108 602 P
-0.7 (The \336rst set of mechanisms provides a protocol to provide privacy) 108 588 P
-0.7 (, integrity) 418.62 588 P
-0.7 (, and au-) 463.78 588 P
0.83 (thentication for electronic mail; the second provides a certi\336cate-based key man-) 108 574 P
3.29 (agement infrastructure to support key distribution throughout the internet, to) 108 560 P
-0.42 (support the \336rst set of mechanisms. This paper describes these mechanisms, as well) 108 546 P
-0.36 (as the reasons behind their selection and how these mechanisms can be used to pro-) 108 532 P
(vide some measure of security in the exchange of electronic mail.) 108 518 T
(Index T) 108 492 T
(erms: certi\336cates, cryptography) 144.8 492 T
(, electronic mail, internet, privacy) 295.57 492 T
(, security) 457 492 T
4 F
(1. Intr) 72 466 T
(oduction) 104.43 466 T
0 F
1.02 (Probably the best-known use of computer networks is for the transmission of electronic) 108 442 P
0.31 (mail. Much less widely known is the inherent lack of security in most mailing systems. Recently) 72 422 P
0.38 (this has become the subject of much discussion, and some proposals have been made to enhance) 72 402 P
0.93 (the security of electronic mail. The X.41) 72 382 P
0.93 (1 Recommendation [9], the Message Security Protocol) 271.63 382 P
-0.52 (MSP [37], and the protocols in RFC 1) 72 362 P
-0.52 (1) 250.48 362 P
-0.52 (13 [26], RFC 1) 256.03 362 P
-0.52 (1) 326.65 362 P
-0.52 (14 [23], and RFC 1) 332.2 362 P
-0.52 (1) 422.62 362 P
-0.52 (15 [27] \050which we shall) 428.17 362 P
(call the ) 72 342 T
2 F
(privacy-enhanced mail pr) 109.97 342 T
(otocols) 233.43 342 T
0 F
(\051) 268.08 342 T
(, all attempt to address this issue.) 272.07 342 T
0.04 (This last set of protocols is designed to add security-related enhancements to a very lar) 108 318 P
0.04 (ge-) 524.68 318 P
-0.33 (scale, existing electronic mail structure in a manner transparent to both users and administrators of) 72 298 P
0.52 (the network. The most signi\336cant contribution of the privacy enhanced mail protocols is to inte-) 72 278 P
1.47 (grate issues of cryptography) 72 258 P
1.47 (, systems engineering, key management, user interfacing, and net-) 211.18 258 P
1.48 (working on a scale not attempted in practice before. The proposals are being implemented by) 72 238 P
(various groups [3][5][15] and are currently draft Internet standards.) 72 218 T
-0.13 (This paper describes the privacy enhanced mail protocols, which specify a set of protocols) 108 194 P
0.27 (for sending electronic mail that provides privacy) 72 174 P
0.27 (, integrity) 306 174 P
0.27 (, and sender authenticity; under certain) 352.13 174 P
0.97 (circumstances, it also provides non-repudiation. The next section presents some background on) 72 154 P
-0.3 (electronic mailing systems, some relevant aspects of cryptography) 72 134 P
-0.3 (, and discusses some of the con-) 387.57 134 P
-0.55 (straints leading to design decisions. Following that, we show how to send a privacy-enhanced mes-) 72 114 P
-0.6 (sage. The fourth section discusses a supporting certi\336cate-based key management architecture, and) 72 94 P
FMENDPAGE
%%EndPage: "1" 2
%%Page: "2" 2
612 792 0 FMBEGINPAGE
72 745.99 540 756 R
7 X
0 K
V
72 32.69 540 42.7 R
V
0 F
0 X
(Page 2 of 44) 479.71 34.7 T
72 72 540 720 R
7 X
V
0 X
0.33 (gives an example of a mechanism used to support that protocol. The \336fth and sixth sections con-) 72 712 P
-0.17 (sider an alternate key distribution mechanism and the use of mailing lists. Finally) 72 692 P
-0.17 (, we conclude by) 459.25 692 P
(comparing these proposals with the X.41) 72 672 T
(1 Recommendation and MSP) 268.09 672 T
(.) 407.68 672 T
0.17 ( This description re\337ects the current state of those protocols rather than the state speci\336ed) 108 648 P
0.23 (in the RFCs; however) 72 628 P
0.23 (, dif) 177.17 628 P
0.23 (ferences will be noted.) 196.51 628 P
3 F
0.2 (2) 305.79 632.8 P
0 F
0.23 ( Also, we have tied the statements in the text to) 310.79 628 P
-0.25 (sections in the RFCs so the reader interested in the reference description \050again, except for the dif-) 72 608 P
(ferences speci\336ed\051 can quickly and easily locate the relevant text.) 72 588 T
0.19 (W) 108 564 P
0.19 (e should note in passing that descriptions of earlier versions of these protocols have ap-) 118.36 564 P
-0.4 (peared in the literature [5][28][29]; unlike these, however) 72 544 P
-0.4 (, the focus of this paper is not only on the) 345.14 544 P
0.26 (protocols themselves but also on the reasons that the choices involved in designing the proposals) 72 524 P
0.1 (were made. W) 72 504 P
0.1 (e hope to provide a broader perspective on some of the design decisions, as well as) 140.83 504 P
(placing them more completely in context than other work.) 72 484 T
4 F
(2. Backgr) 72 452 T
(ound and Design Considerations) 121.09 452 T
0 F
-0.56 (In this section we review some topics that play a role in enhancing the security of electronic) 108 428 P
-0.25 (mail. First, we look at a model of message transmittal systems, then we discuss some properties of) 72 408 P
(cryptography) 72 388 T
(, and \336nally we look at key distribution systems.) 135.17 388 T
4 F
(2.1. Message Handling System Model) 72 356 T
0 F
-0.17 (Perhaps the most useful model of mail systems is the ) 108 332 P
2 F
-0.17 (Message Handling System Model) 363.48 332 P
0 F
-0.17 ( [8]) 523.19 332 P
1 (\050see Figure 1\051. It treats the mail system as being composed of a number of connected ) 72 312 P
2 F
1 (Message) 498.04 312 P
0.08 (T) 72 292 P
0.08 (ransport Agents) 78.01 292 P
0 F
0.08 ( and corresponding) 155.05 292 P
0.08 ( ) 247.13 292 P
2 F
0.08 (User Agents) 250.2 292 P
0 F
0.08 (. A ) 309.24 292 P
2 F
0.08 (sender) 327.04 292 P
0 F
0.08 ( or an ) 359.02 292 P
2 F
0.08 (originator) 389.55 292 P
0 F
0.08 ( creates an electronic) 438.87 292 P
0.26 (message and invokes the user agent, which \321 on behalf of the user \321 submits that message to a) 72 272 P
0.18 (message transport agent. This agent passes the message along to another message transport agent) 72 252 P
72 72 540 720 C
72 72 540 239.98 C
108 97.99 180 124.99 R
7 X
0 K
V
0.5 H
0 Z
0 X
N
270 97.99 342 124.99 R
7 X
V
0 X
N
432 97.99 504 124.99 R
7 X
V
0 X
N
108 151.99 180 178.99 13.5 RR
7 X
V
0 X
N
432 151.99 504 178.99 13.5 RR
7 X
V
0 X
N
7 X
90 450 18 13.5 144 210.49 G
0 X
90 450 18 13.5 144 210.49 A
7 X
90 450 18 13.5 468 210.49 G
0 X
90 450 18 13.5 468 210.49 A
468 196.99 468 178.99 2 L
7 X
V
1 H
2 Z
0 X
N
144 196.99 144 178.99 2 L
7 X
V
0 X
N
138.31 136.53 135 124.99 131.69 136.53 135 136.53 4 Y
V
135 151.99 135 135.53 2 L
7 X
V
0 X
N
149.69 140.46 153 151.99 156.31 140.46 153 140.46 4 Y
V
153 124.99 153 141.46 2 L
7 X
V
0 X
N
462.31 136.53 459 124.99 455.69 136.53 459 136.53 4 Y
V
459 151.99 459 135.53 2 L
7 X
V
0 X
N
472.68 140.46 475.99 151.99 479.3 140.46 475.99 140.46 4 Y
V
475.99 124.99 475.99 141.46 2 L
7 X
V
0 X
N
258.46 119.3 270 115.99 258.46 112.68 258.46 115.99 4 Y
V
180 115.99 259.46 115.99 2 L
7 X
V
0 X
N
420.46 119.3 432 115.99 420.46 112.68 420.46 115.99 4 Y
V
342 115.99 421.46 115.99 2 L
7 X
V
0 X
N
353.54 103.68 342 106.99 353.54 110.3 353.54 106.99 4 Y
V
352.54 106.99 432 106.99 2 L
7 X
V
0 X
N
191.54 103.68 180 106.99 191.54 110.3 191.54 106.99 4 Y
V
190.54 106.99 270 106.99 2 L
7 X
V
0 X
N
0 F
( MT) 126 106.99 T
(A) 146.03 106.99 T
(MT) 297 106.99 T
(A) 314.03 106.99 T
( MT) 450 106.99 T
(A) 470.03 106.99 T
(user) 459 205.99 T
(UA) 459 160.99 T
(user) 135 205.99 T
(UA) 135 160.99 T
72 70.99 540 88.99 R
7 X
V
0 X
(Figure 1. The Message Handling System Model.) 189.41 80.99 T
540 230.98 72 230.98 2 L
7 X
V
0.5 H
0 X
N
72 72 540 720 C
0 0 612 792 C
FMENDPAGE
%%EndPage: "2" 3
5 8 /Times-Roman FMDEFINEFONT
%%Page: "3" 3
612 792 0 FMBEGINPAGE
72 745.99 540 756 R
7 X
0 K
V
72 32.69 540 42.7 R
V
0 F
0 X
(Page 3 of 44) 479.71 34.7 T
72 72 540 720 R
7 X
V
0 X
-0.44 (on another host, which passes it to yet another host, and so forth, until it reaches the message trans-) 72 712 P
0.51 (port agent at the destination host. This agent passes the message on to a user agent, which saves) 72 692 P
-0.14 (the message. The ) 72 672 P
2 F
-0.14 (r) 157.51 672 P
-0.14 (ecipient) 161.73 672 P
0 F
-0.14 ( may then invoke the user agent to read the message, save it, reply to it,) 199.7 672 P
(or perform other functions.) 72 652 T
-0.62 (When a message is accepted by a message transport agent, it has a particular format the pre-) 108 628 P
0.05 (cise description of which depends upon the speci\336c mail system protocol or protocols understood) 72 608 P
1.51 (by the agent. When agents attempt to exchange messages, the format of the message must be) 72 588 P
-0.06 (known to both agents, or it must be translated to a form acceptable to both. For example, message) 72 568 P
-0.34 (transport agents handling electronic mail from the lar) 72 548 P
-0.34 (gest set of connected networks \050called the In-) 324.89 548 P
0.76 (ternet\051 expect messages to be in a format described in RFC-822 [13], which consists of a set of) 72 528 P
2 F
0.39 (header) 72 508 P
0 F
0.39 ( ) 105.31 508 P
2 F
0.39 (\336elds) 108.69 508 P
0 F
0.39 ( followed by a blank line, and then the body of the message. The information in the) 134.01 508 P
0.19 (header lines is used to forward the message from one message transfer agent to another using the) 72 488 P
0.43 (Simple Mail T) 72 468 P
0.43 (ransfer Protocol described in RFC-821 [33]. Another very lar) 142.4 468 P
0.43 (ge network is that of) 439.7 468 P
3 F
-0.04 (UNIX) 72 448 P
5 F
-0.03 (3) 96.98 452 P
0 F
-0.05 (-based systems, which often use an alternate transfer protocol called UUCP [32] to transmit) 100.97 448 P
(mail messages by telephone.) 72 428 T
-0.36 (The existence of numerous message transport agents and protocols suggests that to be used) 108 404 P
-0.46 (widely) 72 384 P
-0.46 (, a protocol to enhance security of electronic mail should not require the redesign of existing) 103.87 384 P
0.18 (message transport protocols or message handling systems. The dif) 72 364 P
0.18 (\336culty of coordinating a global) 390.7 364 P
-0.64 (change of protocols throughout the internet would be immense, especially since many system man-) 72 344 P
0.6 (agers would delay installing the new software until they were sure it functioned correctly) 72 324 P
0.6 (. Thus,) 506.41 324 P
-0.43 (compatibility with existing protocols and software would need to be maintained, so there would be) 72 304 P
(two electronic mail protocols, not just one, extant.) 72 284 T
0.69 (Under this assumption, the enhancements must ) 108 260 P
2 F
0.69 (not) 341 260 P
0 F
0.69 ( reside at the message transport level,) 356.33 260 P
0.46 (but instead must be at the user agent level. The security enhancements should be invisible to the) 72 240 P
0.71 (message transport agent, and therefore the mail systems would be able to send both privacy-en-) 72 220 P
(hanced messages and regular messages.) 72 200 T
-0.56 (The above suggestion actually has the force of a constraint since the privacy-enhanced mail) 108 176 P
0.49 (proposals are intended for widespread use throughout the Internet, which is not a centrally-man-) 72 156 P
0.11 (aged network. Instead, it is composed of a collection of autonomous networks, each of which has) 72 136 P
(its own management structure. Any attempt to require sites to alter their message transport agents) 72 116 T
(would be resisted.) 72 96 T
FMENDPAGE
%%EndPage: "3" 4
%%Page: "4" 4
612 792 0 FMBEGINPAGE
72 745.99 540 756 R
7 X
0 K
V
72 32.69 540 42.7 R
V
0 F
0 X
(Page 4 of 44) 479.71 34.7 T
72 72 540 720 R
7 X
V
0 X
0.27 (The privacy) 108 712 P
0.27 (, integrity) 165.1 712 P
0.27 (, and authentication services cannot rely on software over which the) 211.24 712 P
0.31 (user has no control; he or she must have some means of verifying that the software has not com-) 72 692 P
0.33 (promised the privacy or integrity of the message as well as the identity of the sender) 72 672 P
0.33 (. Alterations) 480.37 672 P
0.26 (could occur at three points: at the originator) 72 652 P
0.26 (\325) 284.46 652 P
0.26 (s computer) 287.79 652 P
0.26 (, at the recipient\325) 340.54 652 P
0.26 (s computer) 421.93 652 P
0.26 (, or at any in-) 474.67 652 P
0.26 (termediate node. T) 72 632 P
0.26 (o ensure that the message could not be altered at the \336rst two points would re-) 161.95 632 P
4.28 (quire considering very general issues of operating system security) 72 612 P
4.28 (, and certainly require) 421.91 612 P
-0.38 (modi\336cation of most existing systems. Hence we assume that the sender and recipient can trust the) 72 592 P
0.57 (software ) 72 572 P
2 F
0.57 (above) 116.87 572 P
0 F
0.57 ( the message transport agent level on each other) 145.51 572 P
0.57 (\325) 380.37 572 P
0.57 (s computer) 383.7 572 P
0.57 (, but that they cannot) 436.76 572 P
-0.21 (trust software below that level.) 72 552 P
3 F
-0.17 (4) 219.4 556.8 P
0 F
-0.21 ( This again suggests putting the enhancements ) 224.4 552 P
2 F
-0.21 (above) 448.48 552 P
0 F
-0.21 ( the transport) 477.12 552 P
0.08 (level at the end systems as well as using cryptography to protect the messages, since any controls) 72 532 P
-0.29 (built into the message transport agents can be subverted \050by the system operators, if not by anyone) 72 512 P
(else\051.) 72 492 T
4 F
(2.2. Cryptography for Authentication and Privacy) 72 460 T
0 F
-0.53 (Protecting the privacy of messages on a network requires encryption whenever the network) 108 436 P
0.1 (is physically beyond the control of the sender) 72 416 P
0.1 (. Since he has no power to prevent another from lis-) 290.21 416 P
-0.52 (tening in, he must rely on mechanisms that prevent disclosure and enable authentication ) 72 396 P
2 F
-0.52 (even when) 490.23 396 P
0 F
(a wiretapper is present; ideally) 72 376 T
(, whether that individual is active or passive should be irrelevant.) 218.44 376 T
-0.49 (The literature describing the protection of remote communications suggests using two keys) 108 352 P
0.56 ([40]. The \336rst is a one-time key) 72 332 P
0.56 (, selected pseudorandomly) 226.12 332 P
0.56 (, called the ) 354.03 332 P
2 F
0.56 (session key) 410.99 332 P
0 F
0.56 ( or the ) 465.17 332 P
2 F
0.56 (data ex-) 500.48 332 P
-0.07 (change key) 72 312 P
0 F
-0.07 (; this key is used to encrypt the messages sent during the session. The second key is an) 125.54 312 P
2 F
-0.21 (inter) 72 292 P
-0.21 (change key) 94.21 292 P
0 F
-0.21 ( associated with the user and/or recipient, and is used to encrypt the data exchange) 147.61 292 P
0.27 (key; the data exchange key is transmitted when the session is begun and then retained for further) 72 272 P
(use. This protocol has three advantages over using the interchange key as a data exchange key) 72 252 T
(.) 522.86 252 T
-0.39 (If the cryptosystem for the interchange key is symmetric \050classical\051, it is often theoretically) 108 228 P
0.4 (possible to derive this key given suf) 72 208 P
0.4 (\336cient ciphertext, especially if the corresponding plaintext is) 246.74 208 P
0.96 (known. For strong cryptosystems, such cryptanalysis requires lar) 72 188 P
0.96 (ge amounts of ciphertext \050and,) 389.95 188 P
0.26 (possibly) 72 168 P
0.26 (, corresponding plaintext\051; hence, restricting the use of the interchange key to encrypting) 111.21 168 P
1.22 (small amounts of data, and then using dif) 72 148 P
1.22 (ferent data exchange keys to encrypt \050possibly lar) 278.21 148 P
1.22 (ge\051) 524.68 148 P
-0.33 (amounts of data only once, limits the amount of data a listener will have available to determine the) 72 128 P
-0.19 (key) 72 108 P
-0.19 (. Even if the data exchange key is compromised, only the single session will be known; the lis-) 88.54 108 P
(tener will have to derive a new data exchange key for the next session.) 72 88 T
FMENDPAGE
%%EndPage: "4" 5
%%Page: "5" 5
612 792 0 FMBEGINPAGE
72 745.99 540 756 R
7 X
0 K
V
72 32.69 540 42.7 R
V
0 F
0 X
(Page 5 of 44) 479.71 34.7 T
72 72 540 720 R
7 X
V
0 X
0.43 (If the interchange key is that of an asymmetric \050public key\051 cryptosystem, the encryption) 108 712 P
0.1 (and corresponding decryption will be more expensive in time, space, or both than those for sym-) 72 692 P
0 (metric cryptosystems; but the short data exchange key can be encrypted using it without af) 72 672 P
0 (fecting) 506.69 672 P
0.19 (overall performance very much. Hence the trade-of) 72 652 P
0.19 (f chosen for the privacy-enhanced mail proto-) 319.04 652 P
(cols was to use a symmetric data encryption key and an asymmetric interchange key) 72 632 T
(.) 475.91 632 T
0.36 (Sender authentication and protection of message integrity are provided by sending with a) 108 608 P
-0.05 (message its ) 72 588 P
2 F
-0.05 (digital signatur) 129.85 588 P
-0.05 (e) 203.67 588 P
0 F
-0.05 (; this is a ) 208.99 588 P
-0.05 (function which computes a value based on the contents of a) 254.76 588 P
0 (message. The function must be easy to compute, and it must be computationally infeasible to \336nd) 72 568 P
0.87 (any two inputs which produce the same output. For example, in a public key cryptosystem, en-) 72 548 P
-0.21 (crypting a message with a private key produces a digital signature as lar) 72 528 P
-0.21 (ge as the message; anyone) 414.29 528 P
-0.2 (can validate the signature \050as the corresponding public key is widely available\051, and it is computa-) 72 508 P
(tionally infeasible to generate a message which will produce the same digital signature.) 72 488 T
-0.47 (In practice, it is also undesirable to double the size of a message to ensure integrity) 108 464 P
-0.47 (. For this) 497.95 464 P
-0.19 (reason, digital signatures are often produced by using a ) 72 444 P
2 F
-0.19 (manipulation detection code) 338.09 444 P
0 F
-0.19 ( \050also called a) 474.29 444 P
2 F
-0.22 (message integrity check) 72 424 P
0 F
-0.22 (\051 ) 186.13 424 P
-0.22 (to compute a small, \336xed-size hash of the \336le, and then encrypting \050sign-) 192.9 424 P
0.13 (ing\051 the hash. These codes, of which one-way \050non-invertible\051 hash functions are examples, must) 72 404 P
-0.18 (be easy to compute but, as with digital signatures in general, it must be computationally infeasible) 72 384 P
(to \336nd any pair of dif) 72 364 T
(ferent \336les which produce the same manipulation detection code [14].) 174.05 364 T
-0.33 (Both these schemes also provide an integrity check for the \336le. One can determine the con-) 108 340 P
-0.46 (tents of the message, or what the \336le hashed to, when signed; if the message sent with the signature) 72 320 P
-0.55 (disagrees or hashes to a dif) 72 300 P
-0.55 (ferent value, then either the message or the signature was altered in tran-) 198.59 300 P
(sit and the integrity of the communication should be regarded as violated.) 72 280 T
0.1 (Finally) 108 256 P
0.1 (, if no one other than the sender has access to the sender) 141.21 256 P
0.1 (\325) 411.67 256 P
0.1 (s private key) 415.01 256 P
0.1 (, it would not) 475.72 256 P
-0.12 (be possible for the sender to disavow a signed message. Should the sender do so, the recipient can) 72 236 P
-0.75 (prove the message was sent by a party with the sender) 72 216 P
-0.75 (\325) 324.78 216 P
-0.75 (s private key; since this key should be known) 328.11 216 P
0.64 (only to the sender) 72 196 P
0.64 (, the sender would then have to demonstrate that someone had stolen this key) 159.05 196 P
0.64 (.) 537 196 P
0.66 (Note that this assumes a trusted system of some sort, because if that part of the sender) 72 176 P
0.66 (\325) 495.02 176 P
0.66 (s system) 498.36 176 P
0.44 (which handles the private key could be compromised, the private key could be stolen. It also as-) 72 156 P
-0.2 (sumes that messages are timestamped, that keys are issued to users whose identities have been au-) 72 136 P
0.31 (thenticated in some fashion \050for example, by a public notary\051, and that all compromised keys are) 72 116 P
0 (reported at once. \050A note of terminology: the key to a classical cryptosystem is called a ) 72 96 P
2 F
0 (secr) 492.82 96 P
0 (et key) 512.36 96 P
0 F
(in this paper) 72 76 T
(, whereas the hidden key for a public key cryptosystem is called a ) 130.82 76 T
2 F
(private key) 449.24 76 T
0 F
(.\051) 501.41 76 T
FMENDPAGE
%%EndPage: "5" 6
%%Page: "6" 6
612 792 0 FMBEGINPAGE
72 745.99 540 756 R
7 X
0 K
V
72 32.69 540 42.7 R
V
0 F
0 X
(Page 6 of 44) 479.71 34.7 T
72 72 540 720 R
7 X
V
0 X
-0.13 (Using cryptography implies that there must be a mechanism for distributing cryptographic) 108 712 P
(keys to communicating parties; we now examine the ways that can be done.) 72 692 T
4 F
(2.3. Key Distribution and Management) 72 660 T
0 F
-0.42 (Creating and distributing interchange keys is a complex problem; one solution described in) 108 636 P
0.51 (the literature is to create ) 72 616 P
2 F
0.51 (key distribution centers) 193.47 616 P
0 F
0.51 (. If the interchange keys are keys for symmetric) 307.09 616 P
0.09 (ciphers, the key distribution centers must be trusted. Given that the Internet is composed of many) 72 596 P
0.18 (autonomous domains, which are themselves often composed of other autonomous subdomains, it) 72 576 P
-0.54 (is very unlikely that members of such an amalgamation would trust key distribution centers not un-) 72 556 P
-0.22 (der their control. Hence the privacy-enhanced mail protocols suggest using an asymmetric crypto-) 72 536 P
2.76 (system for interchange keys, and provide a standard for the management of those keys by) 72 516 P
(encapsulating the required data in ) 72 496 T
2 F
(certi\336cates) 236.87 496 T
0 F
(.) 289.5 496 T
-0.25 (The certi\336cates consist of the user) 108 472 P
-0.25 (\325) 270.74 472 P
-0.25 (s public key as well as information identifying the asso-) 274.08 472 P
-0.04 (ciated user and a version number of some form so that, if a user has more than one public key) 72 452 P
-0.04 (, the) 519.39 452 P
0.54 (sender can identify which one was used. Also a digital signature must be included to protect the) 72 432 P
-0.45 (integrity of the stored data; this is a hash encrypted using the private key of the user) 72 412 P
-0.45 (, so that anyone) 466.06 412 P
-0.51 (may verify the integrity of the data by recomputing the hash and comparing that value with the val-) 72 392 P
-0.33 (ue obtained by decrypting the stored signature using the stored public key) 72 372 P
-0.33 (. Note that the key distri-) 421.71 372 P
0.2 (bution center storing the certi\336cates need not be trusted, since the encrypted hash value binds the) 72 352 P
-0.19 (user) 72 332 P
-0.19 (, version, and public key together) 91.5 332 P
-0.19 (, and any alterations can be detected by the sender before the) 250.31 332 P
(key is used. For this reason, that center is referred to as a ) 72 312 T
2 F
(dir) 347.45 312 T
(ectory) 361.01 312 T
0 F
(.) 390.2 312 T
0.53 (The privacy enhanced mail protocols separate the key distribution scheme from the mes-) 108 288 P
0 (sage encoding scheme. This way) 72 268 P
0 (, users operating in an environment where they could trust a cen-) 228.8 268 P
0.91 (tral server to manage interchange could do so, whereas users in an environment without such a) 72 248 P
(server could use a certi\336cate-based key distribution mechanism.) 72 228 T
4 F
(3. Sending a Privacy-Enhanced Mail Message) 72 196 T
0 F
1.7 (The interoperability constraints described in the introduction suggest encapsulating the) 108 172 P
0.6 (header \336elds related to the enhancements and the privacy-enhanced body of the message so that) 72 152 P
-0.15 (the privacy-enhanced mail message becomes the body of a regular mail message. This has two ef-) 72 132 P
0.52 (fects. First, some user agents do not allow users \050or other processes\051 to add special header \336elds) 72 112 P
0.2 (holding the extra information needed to send privacy-enhanced mail;) 72 92 P
3 F
0.17 (5) 404.68 96.8 P
0 F
0.2 ( this is not a problem if the) 409.68 92 P
FMENDPAGE
%%EndPage: "6" 7
5 12 /Courier FMDEFINEFONT
%%Page: "7" 7
612 792 0 FMBEGINPAGE
72 745.99 540 756 R
7 X
0 K
V
72 32.69 540 42.7 R
V
0 F
0 X
(Page 7 of 44) 479.71 34.7 T
72 72 540 720 R
7 X
V
0 X
0.08 (relevant header \336elds are encapsulated in the body) 72 451 P
0.08 (. Secondly) 313.93 451 P
0.08 (, as stated in the introduction, an im-) 363.87 451 P
0.67 (portant goal is to be compatible with current electronic mail processing, and adding new header) 72 431 P
0.46 (\336elds requires that existing message transport agents be able to handle such \336elds. But if the en-) 72 411 P
1 (hancements are simply part of the body of a message, the message transport agents need know) 72 391 P
(nothing about the new headers.) 72 371 T
1.91 (The encapsulation mechanism chosen is similar to one widely used in electronic mail) 108 347 P
-0.75 (throughout the Internet [36]; that standard delimits encapsulated material between two identical de-) 72 327 P
1.92 (limiter lines. However) 72 307 P
1.92 (, that privacy-enhanced mail allows multiple encapsulated bodies to be) 182.95 307 P
-0.05 (present either nested or sequentially introduces ambiguity) 72 287 P
-0.05 (, so the beginning and ending delimiters) 348.07 287 P
0.29 (must bedif) 72 267 P
0.29 (ferent. Speci\336cally) 123.04 267 P
0.29 (, the encapsulated portion of the message is preceded by a line con-) 213.15 267 P
(taining the delimiter) 72 247 T
5 F
(-----BEGIN PRIVACY-ENHANCED MESSAGE BOUNDARY----) 133.29 223 T
0 F
-0.49 (following which come the ) 72 205 P
2 F
-0.49 (encapsulated header \336elds) 198.63 205 P
0 F
-0.49 (, a blank line, and the ) 325.57 205 P
2 F
-0.49 (encapsulated text) 428.58 205 P
0 F
-0.49 (;.after) 511.7 205 P
(the body comes a line containing the delimiter) 72 185 T
5 F
(-----END PRIVACY-ENHANCED MESSAGE BOUNDARY----) 140.49 161 T
0 F
-0.13 (which indicates the end of the privacy-enhanced message.) 72 143 P
3 F
-0.11 (6) 349.51 147.8 P
0 F
-0.13 ( Figure 2 and Figure 3 show examples) 354.51 143 P
-0.09 (of encapsulated portions of privacy enhanced messages. Note that if the entire message is protect-) 72 123 P
0.16 (ed, a blank line must separate the \336rst delimiter from the unencapsulated headers; this is required) 72 103 P
(by [13].) 72 83 T
72 72 540 720 C
72 459 540 720 C
76.5 477 544.5 720 R
7 X
0 K
V
5 F
0 X
(-----BEGIN PRIVACY-ENHANCED MESSAGE BOUNDARY-----) 76.5 712 T
(Proc-Type: 3,ENCRYPTED) 76.5 698 T
(DEK-Info: DES-CBC,3729F9DC6300925A) 76.5 684 T
(Sender-ID: someone@somewhere.com::) 76.5 670 T
(Recipient-ID: someone@somewhere.com:ptf-kmc:3) 76.5 656 T
(Key-Info: DES-ECB,RSA-MD2,) 76.5 642 T
(0F65D99570758593,AEE05B42181E5E261B301291D83DB8F1) 130.5 628 T
(Recipient-ID: towho@somewhere.else.com:ptf-kmc:4) 76.5 614 T
(Key-Info: DES-ECB,RSA-MD2,) 76.5 600 T
(4B425C85F819327E,0F5FACDB20FD89B9CA8636AE7E70BE74) 130.5 586 T
(iwf9eh8CjiF4A9OKf8ZPayOHjAZNLvWYxsGTIr8xQxfQ0uSN4GbnHHzJPXk6saOd) 76.5 558 T
(rTLE42WxcsYZsYYZaBfbpBR3GF3nwwIY1O0s3LZTUuwsfsGeIu/v2C+dfSlq/wIE) 76.5 544 T
(VesyVXPegFX1MSxZb5bv1J7WK9GE3G58TgwzuYNROPcF61lFq7RDWmS61ji3ZyFy) 76.5 530 T
(DNkG/JlAeWlMgP8WpfJgVg==) 76.5 516 T
(-----END PRIVACY-ENHANCED MESSAGE BOUNDARY-----) 76.5 502 T
0 F
(Figure 2. Sample encapsulated portion of a message \050symmetric interchange keys\051.) 111.31 482 T
535.5 468 67.5 468 2 L
7 X
V
0.5 H
2 Z
0 X
N
72 72 540 720 C
0 0 612 792 C
FMENDPAGE
%%EndPage: "7" 8
%%Page: "8" 8
612 792 0 FMBEGINPAGE
72 745.99 540 756 R
7 X
0 K
V
72 32.69 540 42.7 R
V
0 F
0 X
(Page 8 of 44) 479.71 34.7 T
72 72 540 720 R
7 X
V
0 X
-0.14 (T) 108 334 P
-0.14 (o keep privacy-enhanced mail processing as simple as possible, authentication and integ-) 114.49 334 P
-0.13 (rity checks are applied only to the encapsulated body and neither to the encapsulated header \336elds) 72 314 P
0.46 (nor to the enclosing header \336elds. Privacy of header \336elds is provided only to the data exchange) 72 294 P
-0.31 (key and to no other header \336eld. Therefore, header \336elds containing sensitive information \050such as) 72 274 P
5 F
0.86 (Subject) 72 254 P
0 F
0.36 (\051 should be put in the encapsulated body) 122.37 254 P
0.36 (, and when necessary can be omitted from the) 317.64 254 P
0.1 (headers; similarly) 72 234 P
0.1 (, to check the integrity of header \336elds, they can be replicated within the encap-) 156.93 234 P
0.24 (sulated body) 72 214 P
0.24 (. Of course, doing so does ) 132.42 214 P
2 F
0.24 (not) 261.75 214 P
0 F
0.24 ( ensure the sender named in the replicated header \336eld) 277.08 214 P
0.33 (actually sent the message; the sender can put anything desired into the body of the message. The) 72 194 P
-0.58 (possibility of confusing the integrity of replicated headers with the authenticity of the sender is suf-) 72 174 P
(\336cient so that the standards do not prescribe the replication of any header \336elds.) 72 154 T
3 F
(7) 455.06 158.8 T
4 F
(3.1. T) 72 122 T
(ransforming the Encapsulated Body) 100.1 122 T
0 F
0.19 (In addition to encrypting, messages must be transformed into a canonical form so that the) 108 98 P
-0.51 (encrypted text can be decrypted, and the message integrity check recomputed, correctly despite the) 72 78 P
72 342 540 720 C
72 342 540 720 R
7 X
0 K
V
5 F
0 X
(-----BEGIN PRIVACY-ENHANCED MESSAGE BOUNDARY-----) 72 712 T
(Proc-Type: 3,ENCRYPTED) 72 698 T
(DEK-Info: DES-CBC,F8143EDE5960C597) 72 684 T
(Sender-ID: someone@somewhere.com:/C=US/O=Somewhere/OU=Main) 72 670 T
(Off) 90 656 T
(ice/:26) 111.59 656 T
(Certi) 72 642 T
(fi) 107.98 642 T
(cate:) 122.37 642 T
( jHUlBLpvXR0UrUzYbkNpk0agV2IzUpk8tEjmF/zxB+bATMtPjCUWbz8Lr9wloXIk) 72 628 T
( YbkNpk0agV2IzUpk8tEjmF/zxB+bATMtPjCUWbz8Lr9wloXIkjHUlBLpvXR0UrUz) 72 614 T
( agV2IzUpk8tEjmFjHUlBLpvXR0UrUz/zxB+bATMtPjCUWbz8Lr9wloXIkYbkNpk0) 72 600 T
(MIC-Info: RSA-MD2,RSA,) 72 586 T
( 5rDqUcMlK1Z6720dcBWGGsDLpTpSCnpotJ6UiRRGcDSvzrsoK+oNvqu6z7Xs5Xfz) 72 572 T
(Recipient-ID: someone@somewhere.com:MF8xCzAJBgNVBAYTAlVTMRowGAYDV) 72 558 T
(QQKEw9Tb21ld2hlcmUsIEluYy4xHjAcBgNVBAsTCkhvbWUgT2ZmaWNl:3) 90 544 T
(Key-Info: RSA,) 72 530 T
( lBLpvXR0UrUzYbkNpk0agV2IzUpk8tEjmF/zxB+bATMtPjCUWbz8Lr9wloXIkjHU) 72 516 T
(Recipient-ID: towho@somewhere.else.com:MF8xBjAJBgNVBAYTAlVTMRowGA) 72 502 T
(YDVQQKEw9FbHNld2hlcmUgQ29ycC4xHjAcBgNVBAsTCFNlY3VyaXR5:4) 90 488 T
(Key-Info: RSA,) 72 474 T
( NcUk2jHEUSoH1nvNSIWL9MLLrHB0eJzyhP+/fSStdW8okeEnv47jxe7SJ/iN72oh) 72 460 T
(LLrHB0eJzyhP+/fSStdW8okeEnv47jxe7SJ/iN72ohNcUk2jHEUSoH1nvNSIWL9M) 72 432 T
(8tEjmF/zxB+bATMtPjCUWbz8Lr9wloXIkjHUlBLpvXR0UrUzYbkNpk0agV2IzUpk) 72 418 T
(J6UiRRGcDSvzrsoK+oNvqu6z7Xs5Xfz5rDqUcMlK1Z6720dcBWGGsDLpTpSCnpot) 72 404 T
(dXd/H5LMDWnonNvPCwQUHt==) 72 390 T
(-----END PRIVACY-ENHANCED MESSAGE BOUNDARY-----) 72 376 T
0 F
(Figure 3. Sample encapsulated portion \050asymmetric interchange keys; [26], p. 19, modi\336ed\051.) 84.15 356 T
72 351 540 351 2 L
7 X
V
0.5 H
2 Z
0 X
N
0 0 612 792 C
FMENDPAGE
%%EndPage: "8" 9
6 11 /Times-Roman FMDEFINEFONT
%%Page: "9" 9
612 792 0 FMBEGINPAGE
72 745.99 540 756 R
7 X
0 K
V
72 32.69 540 42.7 R
V
0 F
0 X
(Page 9 of 44) 479.71 34.7 T
72 72 540 720 R
7 X
V
0 X
-0.45 (vagraties of intermediate mail agents. As this proposal is designed for the Internet, the transformed) 72 712 P
0.6 (encapsulated message must be sent in a form acceptable to SMTP message transport agents; the) 72 692 P
(relevant requirements are:) 72 672 T
3 F
(8) 197.22 676.8 T
0 F
(1.) 108 648 T
-0.52 (all characters must be members of the 7-bit ) 126 648 P
3 F
-0.44 (ASCII) 332.33 648 P
0 F
-0.52 ( character set; the successful transmis-) 358.43 648 P
1.4 (sion of the eighth \050high-order\051 bit is not guaranteed \050and in practice often does not) 126 628 P
(work\051;) 126 608 T
(2.) 108 584 T
(text lines may be no more than 1000 characters long;) 126 584 T
(3.) 108 560 T
2.2 (text lines must be delimited by a carriage return \322<) 126 560 P
3 F
1.83 (CR) 390.02 560 P
0 F
2.2 (>\323 followed by a line feed) 403.35 560 P
(\322<) 126 540 T
3 F
(LF) 138.09 540 T
0 F
(>\323;) 149.75 540 T
(4.) 108 516 T
0.68 (the character sequence \322<) 126 516 P
3 F
0.57 (CR) 251.69 516 P
0 F
0.68 (><) 265.02 516 P
3 F
0.57 (LF) 278.55 516 P
0 F
0.68 (>.<) 290.21 516 P
3 F
0.57 (CR) 306.74 516 P
0 F
0.68 (><) 320.07 516 P
3 F
0.57 (LF) 333.6 516 P
0 F
0.68 (>\323, which is used by the message trans-) 345.26 516 P
-0.21 (port agents to indicate the end of a message, cannot appear within the body of the mes-) 126 496 P
(sage.) 126 476 T
-0.36 (Because most computer systems do not use a local representation which complies with this) 108 452 P
0.33 (standard \050and which in fact varies between computers\051, some transformation of mail messages is) 72 432 P
-0.31 (necessary to provide interoperability between hosts using dif) 72 412 P
-0.31 (ferent local representations. Since the) 361.06 412 P
0.12 (encapsulated body of a privacy-enhanced mail message may be encrypted, resulting in characters) 72 392 P
-0.08 (where the high-order bit must be transmitted accurately for the message to be decrypted correctly) 72 372 P
-0.08 (,) 537 372 P
0.25 (the transformation must take this into account to provide transparency to the underlying message) 72 352 P
(transport agents. ) 72 332 T
-0.48 (Hence the encapsulated body under) 108 308 P
-0.48 (goes a three step transformation: \336rst it is put into a ma-) 276.4 308 P
-0.31 (chine-independent character) 72 288 P
-0.31 (-oriented format, then an integrity check is generated and \050if required\051) 206.99 288 P
0.06 (the message is encrypted, and \336nally the resulting bit stream is converted to a special set of print-) 72 268 P
0.82 (able characters suitable for processing by any \050reasonable\051 message transport agent. Initially) 72 248 P
0.82 (, of) 523.19 248 P
0.06 (course, the message text is entered into the system, for example with a text editor; the representa-) 72 228 P
0.48 (tion of the characters is that used by the local computer system and is called the ) 72 208 P
2 F
0.48 (local) 464.75 208 P
0 F
0.48 ( ) 488.74 208 P
2 F
0.48 (form) 492.22 208 P
0 F
0.48 (. The) 514.87 208 P
(local form is then altered in three steps.) 72 188 T
4 F
(3.1.1. Canonicalization) 72 156 T
3 F
(9) 188.61 160.8 T
0 F
0.05 (The message is converted into a canonical form to ensure that encryption, decryption, and) 108 132 P
0.54 (integrity checking all are done on a consistent representation of the message. The representation) 72 112 P
0.47 (chosen is to transform characters in the message into their ) 72 92 P
6 F
0.43 (ASCII) 357.86 92 P
0 F
0.47 ( representations, with the parity) 386.55 92 P
FMENDPAGE
%%EndPage: "9" 10
6 12 /Courier-Oblique FMDEFINEFONT
%%Page: "10" 10
612 792 0 FMBEGINPAGE
72 745.99 540 756 R
7 X
0 K
V
72 32.69 540 42.7 R
V
0 F
0 X
(Page 10 of 44) 473.71 34.7 T
72 72 540 720 R
7 X
V
0 X
0.59 (\050high-order\051 bit cleared and with line \050record\051 delimiters changed to <) 72 712 P
3 F
0.49 (CR) 413.05 712 P
0 F
0.59 (><) 426.39 712 P
3 F
0.49 (LF) 439.92 712 P
0 F
0.59 (>; note that this is) 451.58 712 P
-0.36 (almost the representation used by SMTP [33].) 72 692 P
3 F
-0.3 (10) 290.68 696.8 P
0 F
-0.36 ( Although any consistent representation would do,) 300.67 692 P
-0.36 (this one was chosen because it is a common representation familiar to all SMTP message transport) 72 672 P
(agents, and therefore software to do this is widely available throughout the Internet.) 72 652 T
4 F
(3.1.2. Authentication and Encipherment) 72 620 T
3 F
(1) 277.23 624.8 T
(1) 281.86 624.8 T
0 F
0.54 (An integrity check is then computed using one of a number of speci\336ed algorithms; note) 108 596 P
0.27 (that this check can be veri\336ed on any type of destination computer because it is computed on the) 72 576 P
-0.55 (canonical representation of the message and not the local, machine dependent, representation. Cur-) 72 556 P
-0.17 (rently) 72 536 P
-0.17 (, three algorithms are speci\336ed. The DEA-1-based Message Authentication Code \050MAC\051 al-) 99.2 536 P
3.28 (gorithm [18] is a well-known message integrity checksum algorithm, has been examined) 72 516 P
-0.7 (extensively for weaknesses \050see for example [1]\051, and appears to be quite strong; however) 72 496 P
-0.7 (, it is only) 494.11 496 P
0.51 (suitable when sending a message to ) 72 476 P
2 F
0.51 (one) 248.95 476 P
0 F
0.51 ( recipient [30]. Hence its use is strongly discouraged for) 266.27 476 P
0.03 (messages sent to more than one party) 72 456 P
0.03 (. An alternate algorithm, the RSA-MD2 Message Digest Al-) 250.61 456 P
0.06 (gorithm[27], does not suf) 72 436 P
0.06 (fer from this weakness and while formal analyses of it are not available,) 193.89 436 P
-0.22 (it does not appear to have any exploitable cryptographic weaknesses. Its successor) 72 416 P
-0.22 (, the RSA-MD4) 464.15 416 P
0.51 (Message Digest Algorithm [34] also appears to be quite robust and very dif) 72 396 P
0.51 (\336cult to compromise) 439.69 396 P
-0.48 (so, in the absense of evidence to the contrary) 72 376 P
-0.48 (, it has also been de\336ned as an acceptable algorithm.) 282.86 376 P
3 F
-0.4 (12) 530.01 380.8 P
0 F
-0.48 ( If privacy is required, the message will then be enciphered using an appropriate encryption) 108 352 P
0.21 (algorithm with a data encryption key generated for the message.) 72 332 P
3 F
0.18 (13) 381.69 336.8 P
0 F
0.21 ( Currently) 391.68 332 P
0.21 (, the only encryption) 440.09 332 P
-0.47 (algorithm allowed is the DES in cipher block chaining mode [16][17]. This U. S. government stan-) 72 312 P
0.57 (dard is in widespread use, has withstood the test of time, can be implemented very ef) 72 292 P
0.57 (\336ciently in) 487.78 292 P
-0.35 (either hardware or software, and all attacks known are very time-consuming.) 72 272 P
3 F
-0.3 (14) 436.81 276.8 P
0 F
-0.35 ( Padding is done by) 446.8 272 P
-0.44 (creating an octet containing the number of extra octets needed, and replicating it appropriately) 72 252 P
-0.44 (. For) 517.79 252 P
0.12 (example, if the message required 3 octets of padding, the bits \322030303\323 \050in hex\051 would be added.) 72 232 P
(Up to eight octets may be added to ensure the input can be unambiguously decrypted.) 72 212 T
3 F
(15) 482.71 216.8 T
0 F
-0.03 (Figure 4 summarizes the encapsulated header \336elds that convey the information needed to) 108 188 P
0.54 (decrypt, and check the integrity of, the message. All privacy-enhanced messages contain the en-) 72 168 P
(capsulated header \336eld) 72 148 T
5 F
( Proc-Type: ) 169.27 124 T
6 F
(protocol_version) 255.63 124 T
5 F
(,) 370.76 124 T
6 F
(proc_type) 377.96 124 T
0 F
-0.18 (which indicates the type of processing done. Its \336rst sub\336eld, ) 72 106 P
2 F
-0.18 (pr) 366.65 106 P
-0.18 (otocol) 376.87 106 P
0 F
-0.18 (, is the number of the proto-) 406.85 106 P
0.19 (col used \050see Figure 5\051. Its second sub\336eld, ) 72 86 P
2 F
0.19 (pr) 284.01 86 P
0.19 (oc_type) 294.23 86 P
0 F
0.19 (, is ) 331.52 86 P
5 F
0.45 (MIC-ONLY) 348.89 86 P
0 F
0.19 ( if ) 406.46 86 P
2 F
0.19 (no) 420.16 86 P
0 F
0.19 ( part of the message is) 432.15 86 P
FMENDPAGE
%%EndPage: "10" 11
%%Page: "11" 11
612 792 0 FMBEGINPAGE
72 745.99 540 756 R
7 X
0 K
V
72 32.69 540 42.7 R
V
0 F
0 X
(Page 11 of 44) 473.71 34.7 T
72 72 540 720 R
7 X
V
0 X
-0.41 (encrypted, ) 72 394.98 P
5 F
-0.97 (ENCRYPTED) 124.88 394.98 P
0 F
-0.41 ( if the encapsulated message is encrypted) 189.65 394.98 P
5 F
-0.97 (,) 385.06 394.98 P
0 F
-0.41 (or ) 392.25 394.98 P
5 F
-0.97 (MIC-CLEAR) 404.84 394.98 P
0 F
-0.41 ( if the message) 469.6 394.98 P
0.83 (is unencrypted and not encoded as described in section 3.1.3.) 72 374.98 P
3 F
0.69 (16) 372.63 379.78 P
0 F
0.83 ( A second header \336eld, required) 382.62 374.98 P
(only for encrypted messages, conveys the message encryption algorithm and initialization vector:) 72 354.98 T
5 F
(DEK-Info: ) 187.26 330.98 T
6 F
(encrypt_alg) 259.23 330.98 T
5 F
(,) 338.38 330.98 T
6 F
(init_vector) 345.58 330.98 T
0 F
0 (The \336rst sub\336eld is a string indicating how the message was encrypted; as only the DES in cipher) 72 312.98 P
0.24 (block chaining mode is de\336ned for use, this string must be ) 72 292.98 P
5 F
0.58 (DES-CBC) 357.83 292.98 P
0 F
0.24 (. The second sub\336eld is the) 408.2 292.98 P
0 (initialization vector) 72 272.98 P
0 (. Although the initialization vector is usually encrypted to prevent spoo\336ng by) 164.94 272.98 P
-0.13 (altering key bits \050and also altering the decryption of the \336rst block\051, the integrity check will detect) 72 252.98 P
-0.26 (such tampering; hence the initialization vector need not be encrypted and is represented as a string) 72 232.98 P
-0.24 (of 16 hexadecimal digits. The integrity check and data encryption key will be transmitted after be-) 72 212.98 P
(ing encrypted with the interchange key) 72 192.98 T
(, and we shall defer the details until the next section.) 258.08 192.98 T
3 F
(17) 509.9 197.78 T
4 F
(3.1.3. Printable Encoding) 72 160.98 T
3 F
(18) 201.61 165.78 T
0 F
-0.19 (After the second step, the message text should be thought of as a bit stream. \050The encapsu-) 108 136.98 P
0.31 (lated headers are not part of this stream unless they are replicated within the message text for in-) 72 116.98 P
-0.09 (tegrity checking purposes.\051 Note that even though there are an integral number of characters, all 8) 72 96.98 P
72 72 540 720 C
72 513 540 720 C
0 F
0 X
0 K
(header \336eld) 97.86 712 T
(sub\336elds) 221.68 712 T
(used \311) 364.48 712 T
(see section) 468.85 712 T
5 F
(Proc-Type) 81 698 T
(protocol,proc_type) 180 698 T
0 F
(always) 342 698 T
(3.1.2.) 486 698 T
5 F
(DEK-Info) 81 684 T
(enc_alg,init_vector) 180 684 T
0 F
(for encrypted messages) 342 684 T
(3.1.2.) 486 684 T
5 F
(Sender-ID) 81 670 T
(address:iss_auth:ver) 180 670 T
0 F
(always) 342 670 T
(3.2.1.) 486 670 T
5 F
(Recipient-ID) 81 656 T
(address:iss_auth:ver) 180 656 T
0 F
(always) 342 656 T
(3.2.1.) 486 656 T
5 F
(Key-Info) 81 642 T
(ik_use,mic_alg,dek,mic) 180 642 T
0 F
(with symmetric IKs) 342 642 T
(3.2.2.) 486 642 T
5 F
(Key-Info) 81 628 T
(ik_use,dek) 180 628 T
0 F
(with asymmetric IKs) 342 628 T
(3.2.3.) 486 628 T
5 F
(MIC-Info) 81 614 T
(ik_use,mic_alg,mic) 180 614 T
0 F
(with asymmetric IKs) 342 614 T
(3.2.3.) 486 614 T
5 F
(Certificate) 81 600 T
(enc_cert) 180 600 T
0 F
(with certi\336cate-based KM) 342 600 T
(4.1.) 486 600 T
5 F
(Issuer-Certificate) 81 586 T
(enc_cert) 180 572 T
0 F
(with certi\336cate-based KM) 342 572 T
(4.1.) 486 572 T
5 F
(CRL) 81 558 T
(crl_encoded) 180 558 T
0 F
(with certificate-based KM) 342 558 T
(4.2.5.) 486 558 T
0.1 (Figure 4. Summary of header \336elds; here, \322KM\323 stands for \322key management.\323 See the refer-) 81 540 P
(enced sections for more information on each.) 81 526 T
72 522 540 522 2 L
7 X
V
0.5 H
2 Z
0 X
N
72 72 540 720 C
0 0 612 792 C
72 72 540 720 C
72 402.98 540 513 C
0 F
0 X
0 K
(protocol described in) 156.37 497 T
( ) 330.74 497 T
6 F
(protocol) 333.74 497 T
0 F
( sub\336eld value) 391.3 497 T
(RFC-989) 184.67 483 T
(1) 393 483 T
(RFC-1040) 181.68 469 T
(2) 393 469 T
(RFC-1) 182.12 455 T
(1) 214.33 455 T
(13) 219.89 455 T
(3) 393 455 T
2 F
(next RFC) 184.18 441 T
0 F
(4) 393 441 T
(Figure 5. T) 216.31 423 T
(able of Protocol Numbers.) 269.11 423 T
72 414 540 414 2 L
0.5 H
2 Z
N
72 72 540 720 C
0 0 612 792 C
FMENDPAGE
%%EndPage: "11" 12
%%Page: "12" 12
612 792 0 FMBEGINPAGE
72 745.99 540 756 R
7 X
0 K
V
72 32.69 540 42.7 R
V
0 F
0 X
(Page 12 of 44) 473.71 34.7 T
72 72 540 720 R
7 X
V
0 X
-0.51 (bits may be signi\336cant. This form must be changed into another that meets the SMTP requirements) 72 568 P
(stated above. The simplest way to do this is to expand the message.) 72 548 T
0.6 (The \336rst thought is to group the bits into sets of 7, and transmit the 7-bit ) 108 524 P
3 F
0.5 (ASCII) 466.36 524 P
0 F
0.6 ( character) 492.46 524 P
1.01 (corresponding to each. However) 72 504 P
1.01 (, since some of those character sequences are special to SMTP) 230.43 504 P
-0.42 (\050such as \322<) 72 484 P
3 F
-0.35 (CR) 125.21 484 P
0 F
-0.42 (><) 138.55 484 P
3 F
-0.35 (LF) 152.08 484 P
0 F
-0.42 (>.<) 163.74 484 P
3 F
-0.35 (CR) 180.27 484 P
0 F
-0.42 (><) 193.6 484 P
3 F
-0.35 (LF) 207.13 484 P
0 F
-0.42 (>\323\051 and others to the privacy enhancements \050such as \322--\323, which oc-) 218.79 484 P
-0.08 (curs in the encapsulation delimiters\051, there would need to be an escape sequence. It is easier to ig-) 72 464 P
0.69 (nore this issue by restricting the set of characters to those which are not special, The letters and) 72 444 P
0.23 (digits fall into this category) 72 424 P
0.23 (, as do numerous punctuation characters, but there are fewer than 128) 204.07 424 P
0.17 (\0502) 72 404 P
3 F
0.14 (7) 81.99 408.8 P
0 F
0.17 (\051 of them. Hence each bit stream is grouped into sets of 6 bits, each of which is mapped into a) 86.99 404 P
(character in the alphabet shown in \336gure 6.) 72 384 T
3 F
(19) 279.17 388.8 T
0 F
-0.28 (The \336nal set of bits in each stream may contain 2 or 4 bits rather than 6. In the former case,) 108 360 P
-0.09 (the two meaningful bits are padded with four cleared bits, and two \322=\323 characters are appended to) 72 340 P
0.66 (indicate the last 4 bits are padding. In the latter case, the pad is two cleared bits, and one \322=\323 is) 72 320 P
0.41 (appended. Finally) 72 300 P
0.41 (, the resulting character stream is split into lines of 64 printable characters \050ex-) 157.58 300 P
-0.17 (cept, possibly) 72 280 P
-0.17 (, for the last line, which may contain fewer\051.) 137.01 280 P
3 F
-0.14 (20) 348.47 284.8 P
0 F
-0.17 ( This form is suitable for transmission) 358.47 280 P
(by any SMTP-like message transport agent.) 72 260 T
-0.15 (Grouping the stream into sets of 4 bits rather than 6 would make encoding faster and elim-) 108 236 P
-0.22 (inate the special handling of the \336nal set of bits. However) 72 216 P
-0.22 (, this would also double the length of the) 346.17 216 P
0.03 (encoded message. W) 72 196 P
0.03 (ith most messages, network transmission times will dominate the time to en-) 172.5 196 P
(code the message, so the 6-bit encoding was chosen.) 72 176 T
-0.73 (Because reading unencrypted, integrity-checked messages encoded in this format would re-) 108 152 P
-0.2 (quire all user agents to be able to translate this printable encoding, the privacy-enhanced mail pro-) 72 132 P
-0.28 (tocols allow this step to be skipped for such messages; the second \336eld in the ) 72 112 P
5 F
-0.67 (Proc-Type) 440.55 112 P
0 F
-0.28 ( header) 505.32 112 P
0.34 (\336eld will be ) 72 92 P
5 F
0.81 (MIC-CLEAR) 133.31 92 P
0 F
0.34 ( for such messages. However) 198.07 92 P
0.34 (, privacy-enhanced user agents should in-) 339.15 92 P
72 72 540 720 C
72 576 540 720 C
94.46 585 517.46 720 R
7 X
0 K
V
0 F
0 X
(0) 106.47 712 T
(A) 121.46 712 T
(8) 160.47 712 T
(I) 175.46 712 T
(16) 208.47 712 T
(Q) 229.46 712 T
(24) 262.47 712 T
(Y) 283.46 712 T
(32) 316.47 712 T
(g) 337.46 712 T
(40) 370.47 712 T
(o) 391.46 712 T
(48) 424.47 712 T
(w) 445.46 712 T
(56) 478.47 712 T
(4) 499.46 712 T
(1) 106.47 698 T
(B) 121.46 698 T
(9) 160.47 698 T
(J) 175.46 698 T
(17) 208.47 698 T
(R) 229.46 698 T
(25) 262.47 698 T
(Z) 283.46 698 T
(33) 316.47 698 T
(h) 337.46 698 T
(41) 370.47 698 T
(p) 391.46 698 T
(49) 424.47 698 T
(x) 445.46 698 T
(57) 478.47 698 T
(5) 499.46 698 T
(2) 106.47 684 T
(C) 121.46 684 T
(10) 154.47 684 T
(K) 175.46 684 T
(18) 208.47 684 T
(S) 229.46 684 T
(26) 262.47 684 T
(a) 283.46 684 T
(34) 316.47 684 T
(i) 337.46 684 T
(42) 370.47 684 T
(q) 391.46 684 T
(50) 424.47 684 T
(y) 445.46 684 T
(58) 478.47 684 T
(6) 499.46 684 T
(3) 106.47 670 T
(D) 121.46 670 T
(1) 154.91 670 T
(1) 160.47 670 T
(L) 175.46 670 T
(19) 208.47 670 T
(T) 229.46 670 T
(27) 262.47 670 T
(b) 283.46 670 T
(35) 316.47 670 T
(j) 337.46 670 T
(43) 370.47 670 T
(r) 391.46 670 T
(51) 424.47 670 T
(z) 445.46 670 T
(59) 478.47 670 T
(7) 499.46 670 T
(4) 106.47 656 T
(E) 121.46 656 T
(12) 154.47 656 T
(M) 175.46 656 T
(20) 208.47 656 T
(U) 229.46 656 T
(28) 262.47 656 T
(c) 283.46 656 T
(36) 316.47 656 T
(k) 337.46 656 T
(44) 370.47 656 T
(s) 391.46 656 T
(52) 424.47 656 T
(0) 445.46 656 T
(60) 478.47 656 T
(8) 499.46 656 T
(5) 106.47 642 T
(F) 121.46 642 T
(13) 154.47 642 T
(N) 175.46 642 T
(21) 208.47 642 T
(V) 229.46 642 T
(29) 262.47 642 T
(d) 283.46 642 T
(37) 316.47 642 T
(l) 337.46 642 T
(45) 370.47 642 T
(t) 391.46 642 T
(53) 424.47 642 T
(1) 445.46 642 T
(61) 478.47 642 T
(9) 499.46 642 T
(6) 106.47 628 T
(G) 121.46 628 T
(14) 154.47 628 T
(O) 175.46 628 T
(22) 208.47 628 T
(W) 229.46 628 T
(30) 262.47 628 T
(e) 283.46 628 T
(38) 316.47 628 T
(m) 337.46 628 T
(46) 370.47 628 T
(u) 391.46 628 T
(54) 424.47 628 T
(2) 445.46 628 T
(62) 478.47 628 T
(+) 499.46 628 T
(7) 106.47 614 T
(H) 121.46 614 T
(15) 154.47 614 T
(P) 175.46 614 T
(23) 208.47 614 T
(X) 229.46 614 T
(31) 262.47 614 T
(f) 283.46 614 T
(39) 316.47 614 T
(n) 337.46 614 T
(47) 370.47 614 T
(v) 391.46 614 T
(55) 424.47 614 T
(3) 445.46 614 T
(63) 478.47 614 T
(/) 499.46 614 T
(Figure 6. Printable Encoding Characters) 209.53 596 T
540 587.02 72 587.02 2 L
7 X
V
0.5 H
2 Z
0 X
N
72 72 540 720 C
0 0 612 792 C
FMENDPAGE
%%EndPage: "12" 13
%%Page: "13" 13
612 792 0 FMBEGINPAGE
72 745.99 540 756 R
7 X
0 K
V
72 32.69 540 42.7 R
V
0 F
0 X
(Page 13 of 44) 473.71 34.7 T
72 72 540 720 R
7 X
V
0 X
-0.72 (dicate that failure of the integrity checking may result from dif) 72 712 P
-0.72 (ferences in character representations) 367.33 712 P
(between the end hosts rather than an alteration of the contents of the message.) 72 692 T
3 F
(21) 445.71 696.8 T
4 F
(3.2. T) 72 660 T
(ransmission of Integrity Check and Data Encryption Key) 100.1 660 T
0 F
-0.71 (W) 108 636 P
-0.71 (e now turn to the transmission of the data encryption key and the message integrity check.) 118.36 636 P
0 (The former must be encrypted using an interchange key to protect the privacy of the message, the) 72 616 P
0.53 (latter to ensure authenticity) 72 596 P
0.53 (. The mechanism used to do this depends on whether the interchange) 203.72 596 P
-0.08 (key is used with a classical cryptosystem or with a public key cryptosystem. In either case, the in-) 72 576 P
(terchange key depends upon proper identi\336cation of the sender and recipient.) 72 556 T
4 F
(3.2.1. Sender) 72 524 T
(, Recipient, and Inter) 136.86 524 T
(change Key Information) 245.58 524 T
3 F
(22) 370.84 528.8 T
0 F
-0.61 (The sender and recipient of each message are identi\336ed in the following encapsulated head-) 108 500 P
(er \336elds:) 72 480 T
3 F
(23) 113.64 484.8 T
5 F
(Originator-ID: ) 126 456 T
6 F
(entity_id) 233.94 456 T
5 F
(:) 298.7 456 T
6 F
(issuing_authority) 305.9 456 T
5 F
(:) 428.23 456 T
6 F
(version) 435.43 456 T
5 F
(Recipient-ID: ) 126 442 T
6 F
(entity_id) 226.74 442 T
5 F
(:) 291.51 442 T
6 F
(issuing_authority) 298.7 442 T
5 F
(:) 421.04 442 T
6 F
(version) 428.23 442 T
0 F
-0.25 (These \336elds specify which interchange key was used. The \336rst sub\336eld contains the identity of the) 72 424 P
-0.52 (sender or receiver) 72 404 P
-0.52 (, the second the identity of the authority issuing the interchange key) 156.38 404 P
-0.52 (, and the third) 474.95 404 P
-0.29 (an indicator of the speci\336c interchange key being used. Since interchange keys depend on both the) 72 384 P
3.08 (sender and the recipient, each ) 72 364 P
5 F
7.38 (Recipient-ID) 232.58 364 P
0 F
3.08 ( \336eld is associated with the last preceding) 318.93 364 P
5 F
(Sender-ID) 72 344 T
0 F
( line.) 136.76 344 T
0.26 (The \336rst sub\336eld is mandatory; it also requires that each sender and recipient be uniquely) 108 320 P
-0.3 (identi\336able. Hence it assumes the form ) 72 300 P
2 F
-0.3 (user) 260.42 300 P
0 F
-0.3 (@) 281.07 300 P
2 F
-0.3 (host) 292.12 300 P
0 F
-0.3 (, where ) 312.11 300 P
2 F
-0.3 (user) 349.81 300 P
0 F
-0.3 ( is unique to ) 370.46 300 P
2 F
-0.3 (host) 431.24 300 P
0 F
-0.3 ( and) 451.24 300 P
2 F
-0.3 ( host) 471.26 300 P
0 F
-0.3 ( is unique) 493.95 300 P
1.12 (throughout the set of hosts using electronic mail. Any scheme guaranteeing this will work, but) 72 280 P
0.04 (those sites which transmit into the Internet should use the fully quali\336ed domain name for ) 72 260 P
2 F
0.04 (host) 506.68 260 P
0 F
0.04 (;) 526.67 260 P
3 F
0.03 (24) 530.01 264.8 P
0 F
(that name will be processed in a case-insensitive manner) 72 240 T
(.) 343.14 240 T
3 F
(25) 346.13 244.8 T
0 F
0.25 (The second sub\336eld contains the unique name of the authority that issued the interchange) 108 216 P
0.23 (key; it need not be unique among all entities, but must be unique over all issuing authorities.) 72 196 P
3 F
0.19 (26) 518.79 200.8 P
0 F
0.23 ( If) 528.78 196 P
0.05 (certi\336cate-based asymmetric key management is used, then this name is to be the issuing authori-) 72 176 P
0.35 (ty\325) 72 156 P
0.35 (s Distinguished Name, written according to the rules in [24], then encoded using the basic en-) 84.67 156 P
0.05 (coding rules of ASN.1 [7] and represented using the printable encoding form described in section) 72 136 P
0.55 (3.1.3.) 72 116 P
3 F
0.46 (27) 98.99 120.8 P
0 F
0.55 ( This convention was chosen because it is also used in certi\336cates to identify issuing au-) 108.98 116 P
0 (thorities unambiguously) 72 96 P
0 (. The nature of a Distinguished Name will be described later; however) 187.49 96 P
0 (, as) 524.02 96 P
FMENDPAGE
%%EndPage: "13" 14
%%Page: "14" 14
612 792 0 FMBEGINPAGE
72 745.99 540 756 R
7 X
0 K
V
72 32.69 540 42.7 R
V
0 F
0 X
(Page 14 of 44) 473.71 34.7 T
72 72 540 720 R
7 X
V
0 X
-0.65 (examples, in Figure 3 the issuing authorities of the certi\336cates of the recipients are the Home Of) 72 712 P
-0.65 (\336ce) 522.68 712 P
(of Somewhere, Inc. and Security of Elsewhere Corp., both in the United States.) 72 692 T
-0.17 (The third sub\336eld is some number or string selected by the issuing authority to disambigu-) 108 668 P
-0.43 (ate among the interchange keys issued by that authority to the sender/recipient pair) 72 648 P
-0.43 (. For certi\336cate-) 463.92 648 P
-0.05 (based interchange key management schemes, this sub\336eld must be the serial number of the certif-) 72 628 P
-0.02 (icate; for other schemes, the proposal recommends the use of timestamps, which not only provide) 72 608 P
-0.66 (uniqueness but also allow an expiration date to be prescribed \050for example, two years after issue\051.) 72 588 P
3 F
-0.55 (28) 530.01 592.8 P
0 F
0.02 (If the sub\336elds contain redundant information, they may be omitted.) 108 564 P
3 F
0.02 (29) 435.65 568.8 P
0 F
0.02 ( For example, if the) 445.64 564 P
-0.21 (interchange key is used in a symmetric cryptosystem, the contents of the last two sub\336elds of both) 72 544 P
5 F
0.89 (Originator-ID ) 72 524 P
0 F
0.37 (and ) 173.63 524 P
5 F
0.89 (Recipient-ID) 194.32 524 P
0 F
0.37 ( \336elds will be the same for each sender/recipient pair) 280.67 524 P
0.37 (,) 537 524 P
(and so are normally omitted from the ) 72 504 T
5 F
(Originator-ID) 253.54 504 T
0 F
( \336eld. In Figure 2, the \336eld) 347.09 504 T
5 F
(Originator-ID: someone@somewhere.com::) 169.27 480 T
0 F
0.1 (identi\336es the sender as user ) 72 462 P
2 F
0.1 (someone) 207.41 462 P
0 F
0.1 ( at host ) 249.38 462 P
2 F
0.1 (somewher) 287.33 462 P
0.1 (e.com) 335.52 462 P
0 F
0.1 (, but leaves the issuing authority and) 363.83 462 P
-0.74 (version sub\336elds blank. Additional relevant information is in the associated ) 72 442 P
5 F
-1.77 (Recipient-ID) 430.06 442 P
0 F
-0.74 ( line:) 516.41 442 P
5 F
(Recipient-ID: someone@somewhere.com:ptf-kmc:3) 144.09 418 T
0 F
0.79 (means that the recipient is ) 72 400 P
2 F
0.79 (someone@somewher) 204.22 400 P
0.79 (e.com) 305.4 400 P
0 F
0.79 (, that the interchange authority named ) 333.71 400 P
2 F
0.79 (ptf-) 523.34 400 P
0.36 (kmc) 72 380 P
0 F
0.36 ( has issued an interchange key for ) 91.31 380 P
2 F
0.36 (someone ) 259.33 380 P
0 F
0.36 (to use when he sends messages to himself \050since) 304.65 380 P
0.54 (the last preceding ) 72 360 P
5 F
1.29 (Originator-ID ) 161.21 360 P
0 F
0.54 (\336eld identi\336ed ) 263.25 360 P
2 F
0.54 (someone@somewher) 336.96 360 P
0.54 (e.com ) 438.14 360 P
0 F
0.54 (as the sender\051,) 469.99 360 P
(and that this key can be identi\336ed uniquely by the string ) 72 340 T
5 F
(3) 344.17 340 T
0 F
(. The second such \336eld,) 351.36 340 T
5 F
(Recipient-ID: towho@somewhere.else.com:ptf-kmc:4) 133.29 316 T
0 F
-0.02 (means that ) 72 298 P
2 F
-0.02 (ptf-kmc) 126.59 298 P
0 F
-0.02 ( has also issued an interchange key for) 162.56 298 P
2 F
-0.02 ( someone@somewher) 347.29 298 P
-0.02 (e.com) 451.46 298 P
0 F
-0.02 ( to use when) 479.76 298 P
0.11 (sending messages to ) 72 278 P
2 F
0.11 (towho@somewher) 173.28 278 P
0.11 (e.else.com) 261.83 278 P
0 F
0.11 (, and that this key can be identi\336ed uniquely by) 311.78 278 P
(the string ) 72 258 T
5 F
(4) 119.97 258 T
0 F
(.) 127.17 258 T
-0.08 ( Similarly) 108 234 P
-0.08 (, if the sender) 157.71 234 P
-0.08 (\325) 223.19 234 P
-0.08 (s public key is sent in the message as a certi\336cate containing both) 226.52 234 P
0.93 (the version number and issuing authority \050using the certi\336cates and the ) 72 214 P
5 F
2.22 (Certificate) 424.96 214 P
0 F
0.93 ( header) 504.11 214 P
0.49 (\336eld described in the next section\051, the last two sub\336elds in the ) 72 194 P
5 F
1.17 (Originator-ID) 382.69 194 P
0 F
0.49 ( \336eld may be) 476.24 194 P
-0.54 (omitted. In Figure 3, the certi\336cate in the ) 72 174 P
5 F
-1.3 (Certificate) 267.53 174 P
0 F
-0.54 ( line is that of the sender in the preceding) 346.69 174 P
5 F
14.08 (Originator-ID) 72 154 P
0 F
5.87 ( line, so the last two sub\336elds of that \336eld are omitted. But the) 165.55 154 P
5 F
0.73 (Recipient-) 72 134 P
0.73 (ID) 143.96 134 P
0 F
0.3 ( lines specify the issuer and serial number of the recipients\325 certi\336cates, so that) 158.35 134 P
(they can determine which of their public keys was used to encrypt the data encryption key) 72 114 T
(.) 503.89 114 T
FMENDPAGE
%%EndPage: "14" 15
%%Page: "15" 15
612 792 0 FMBEGINPAGE
72 745.99 540 756 R
7 X
0 K
V
72 32.69 540 42.7 R
V
0 F
0 X
(Page 15 of 44) 473.71 34.7 T
72 72 540 720 R
7 X
V
4 F
0 X
(3.2.2. Symmetric Inter) 72 712 T
(change Keys) 186.69 712 T
0 F
-0.48 (W) 108 688 P
-0.48 (ith symmetric cryptosystems, the encryption key is either the same as, or easily derivable) 118.84 688 P
-0.67 (from, the decryption key) 72 668 P
-0.67 (. For this reason, the ) 187.78 668 P
2 F
-0.67 (inter) 285.35 668 P
-0.67 (change) 307.57 668 P
0 F
-0.67 ( ) 342.2 668 P
2 F
-0.67 (key) 344.53 668 P
0 F
-0.67 ( is de\336ned as the single key associated) 360.5 668 P
0.69 (with both the sender and the recipient, and the message integrity check and data encryption key) 72 648 P
(follow the identi\336cation of each sender and recipient.) 72 628 T
3 F
(30) 327.81 632.8 T
0 F
-0.26 (The message integrity check and data encryption key for each sender and recipient pair are) 108 604 P
(given on lines of the form) 72 584 T
3 F
(31) 196.25 588.8 T
5 F
(Key-Info: ) 169.27 560 T
6 F
(ik_use) 241.24 560 T
5 F
(,) 284.41 560 T
6 F
(mic_algorithm) 291.61 560 T
5 F
(,) 385.16 560 T
6 F
(dek) 392.35 560 T
5 F
(,) 413.94 560 T
6 F
(mic) 421.14 560 T
0 F
-0.19 (One such line normally follows each recipient name, and uses the interchange key associated with) 72 542 P
0.49 (the last-preceding sender and that recipient. The \336rst sub\336eld identi\336es the algorithm which was) 72 522 P
0.89 (used to encrypt the data exchange key; the proposal requires using either the DES in electronic) 72 502 P
-0.34 (code book mode \050indicated by ) 72 482 P
5 F
-0.81 (DES-ECB) 218.54 482 P
0 F
-0.34 (\051 [17] or the DES in encrypt-decrypt-encrypt mode \050indi-) 268.91 482 P
-0.31 (cated by ) 72 462 P
5 F
-0.74 (DES-EDE) 114.68 462 P
0 F
-0.31 (\051 [2]; these were chosen because they are cryptographically very strong, can be) 165.05 462 P
-0.42 (implemented ef) 72 442 P
-0.42 (\336ciently in hardware or software, and are used by standards relied upon throughout) 146.31 442 P
-0.54 (dif) 72 422 P
-0.54 (ferent communities.) 85.11 422 P
3 F
-0.45 (32) 180.51 426.8 P
0 F
-0.54 ( The second sub\336eld identi\336es the algorithm used to generate the message) 190.5 422 P
0.79 (integrity check; this sub\336eld must be ) 72 402 P
5 F
1.9 (MAC) 256.66 402 P
0 F
0.79 ( \050for the DEA-1-based algorithm\051, ) 278.25 402 P
5 F
1.9 (RSA-MD2) 449.41 402 P
0 F
0.79 ( \050for the) 499.78 402 P
0.75 (RSA-MD2 Message Digest Algorithm\051 or ) 72 382 P
5 F
1.8 (RSA-MD4) 280.61 382 P
0 F
0.75 ( \050for the RSA-MD4 Message Digest Algo-) 330.99 382 P
-0.24 (rithm\051.) 72 362 P
3 F
-0.2 (33) 104.98 366.8 P
0 F
-0.24 ( The third and fourth sub\336elds are the data exchange key and the message integrity check) 114.98 362 P
0.03 (encrypted using the algorithm given by the \336rst sub\336eld with the interchange key) 72 342 P
0.03 (. Both are repre-) 461.32 342 P
(sented as strings of hexadecimal digits. For example, in Figure 2, the line) 72 322 T
5 F
(Key-Info: DES-ECB,RSA-MD2,) 108 298 T
(0F65D99570758593,AEE05B42181E5E261B301291D83DB8F1) 126 284 T
0 F
0.03 0.17 (indicates that the message integrity check was computed using the RSA-MD2 Message Digest) 72 266 B
0.03 0.09 (Algorithm, and both it and the data exchange key were encrypted using the interchange key and) 72 246 B
0.03 0.04 (the DES algorithm in electronic code book form. The second ) 72 226 B
5 F
0.07 0.04 (Key-Info) 370.08 226 B
0 F
0.03 0.04 ( ) 427.96 226 B
0.03 0.04 (line in that f) 431.03 226 B
0.03 0.04 (igure indi-) 489.32 226 B
0.03 0.19 (cates the same algorithms, but since another ) 72 206 B
5 F
0.07 0.19 (Recipient-ID) 295.25 206 B
0 F
0.03 0.19 ( line has occurred since the last) 383.87 206 B
5 F
0.07 0.15 (Key-Info) 72 186 B
0 F
0.03 0.15 ( line, the data encryption key and message integrity check were encrypted with the) 130.8 186 B
0.03 1.47 (interchange key for the sender/recipient pair ) 72 166 B
2 F
0.03 1.47 (someone@somewher) 354.9 166 B
0.03 1.47 (e.com ) 479.6 166 B
0 F
0.03 1.47 (and) 519.74 166 B
2 F
(towho@) 72 146 T
(somewher) 112.36 146 T
(e.else.com \050) 160.55 146 T
0 F
(and hence look quite dif) 217.49 146 T
(ferent than in the preceding line\051.) 333.19 146 T
FMENDPAGE
%%EndPage: "15" 16
%%Page: "16" 16
612 792 0 FMBEGINPAGE
72 745.99 540 756 R
7 X
0 K
V
72 32.69 540 42.7 R
V
0 F
0 X
(Page 16 of 44) 473.71 34.7 T
72 72 540 720 R
7 X
V
4 F
0 X
(3.2.3. Asymmetric Inter) 72 712 T
(change Keys) 193.35 712 T
0 F
0.49 (W) 108 688 P
0.49 (ith public key cryptosystems, encryption and decryption keys are dif) 118.84 688 P
0.49 (ferent, and neither) 451.44 688 P
-0.2 (can be derived merely by knowing the other) 72 668 P
-0.2 (. This allows authentication and encryption to be done) 281.44 668 P
-0.13 (with two dif) 72 648 P
-0.13 (ferent keys, and so the ) 130.17 648 P
2 F
-0.13 (inter) 240.12 648 P
-0.13 (change) 262.33 648 P
0 F
-0.13 ( ) 296.97 648 P
2 F
-0.13 (key) 299.84 648 P
0 F
-0.13 ( is comprised of both the recipient\325) 315.82 648 P
-0.13 (s public key) 482.29 648 P
-0.46 (and the sender) 72 628 P
-0.46 (\325) 140.81 628 P
-0.46 (s private key) 144.14 628 P
-0.46 (, the former being used to encrypt the data exchange key \050privacy\051, and) 203.74 628 P
-0.5 (the latter being used to encrypt the message integrity check \050integrity/authenticity\051.) 72 608 P
3 F
-0.42 (34) 465.72 612.8 P
0 F
-0.5 ( The message) 475.72 608 P
-0.16 (integrity check and data encryption keys are given by two dif) 72 588 P
-0.16 (ferent header \336elds because the parts) 363.96 588 P
(of the interchange key dif) 72 568 T
(fer) 195.02 568 T
(. The message integrity check is given in header \336elds of the form) 207.67 568 T
3 F
(35) 524.44 572.8 T
5 F
(Key-Info: ) 234.04 544 T
6 F
(ik_use) 306 544 T
5 F
(,) 349.18 544 T
6 F
(dek) 356.37 544 T
0 F
0.12 (The \336rst sub\336eld is the name of the algorithm used to encrypt the data encryption key; since only) 72 526 P
-0.62 (one algorithm is currently de\336ned for this purpose, the \336rst sub\336eld will always be ) 72 506 P
5 F
-1.49 (RSA) 462.71 506 P
0 F
-0.62 (.) 484.3 506 P
3 F
-0.52 (36) 487.29 510.8 P
0 F
-0.62 ( The sec-) 497.29 506 P
0.34 (ond sub\336eld is the data exchange key) 72 486 P
0.34 (, encrypted using the recipient\325) 252.48 486 P
0.34 (s public key and represented) 402.07 486 P
-0.69 (as a string of printable encoding characters using the encoding transformation. For example, in Fig-) 72 466 P
(ure 3 the header \336elds) 72 446 T
5 F
(Recipient-ID: someone@somewhere.com:MF8xCzAJBgNVBAYTAlVTMRowGAYDV) 72 422 T
(QQKEw9Tb21ld2hlcmUsIEluYy4xHjAcBgNVBAsTCkhvbWUgT2ZmaWNl:3) 90 408 T
(Key-Info: RSA,) 72 394 T
( lBLpvXR0UrUzYbkNpk0agV2IzUpk8tEjmF/zxB+bATMtPjCUWbz8Lr9wloXIkjHU) 72 380 T
(Recipient-ID: towho@somewhere.else.com:MF8xBjAJBgNVBAYTAlVTMRowGA) 72 366 T
(YDVQQKEw9FbHNld2hlcmUgQ29ycC4xHjAcBgNVBAsTCFNlY3VyaXR5:4) 90 352 T
(Key-Info: RSA,) 72 338 T
( NcUk2jHEUSoH1nvNSIWL9MLLrHB0eJzyhP+/fSStdW8okeEnv47jxe7SJ/iN72oh) 72 324 T
0 F
1.43 (show that the sender \050) 72 288 P
2 F
1.43 (someone@somewher) 182.98 288 P
1.43 (e.com) 284.17 288 P
0 F
1.43 (\051 has encrypted the data encryption key using) 312.48 288 P
8.22 (RSA and his public key for the \336rst recipient \050himself\051, and using RSA and) 72 268 P
2 F
(towho@) 72 248 T
(somewher) 112.36 248 T
(e.else.com) 160.55 248 T
0 F
(\325) 210.5 248 T
(s public key for the second.) 213.83 248 T
(The message integrity check is transmitted similarly) 108 224 T
(, in a header \336eld of the form) 357.73 224 T
3 F
(37) 497.62 228.8 T
5 F
(MIC-Info: ) 183.67 200 T
6 F
(ik_use) 255.63 200 T
5 F
(,) 298.8 200 T
6 F
(mic_algorithm) 306 200 T
5 F
(,) 399.55 200 T
6 F
(mic) 406.74 200 T
0 F
-0.59 (The \336rst sub\336eld identi\336es the algorithm used to compute the integrity check, and so must be either) 72 182 P
5 F
-0.31 (MAC) 72 162 P
0 F
-0.13 ( \050if the DEA-1-based algorithm was used\051, ) 93.59 162 P
5 F
-0.31 (RSA-MD2) 299.85 162 P
0 F
-0.13 ( \050if the RSA Message Digest Algorithm) 350.23 162 P
0.47 (was used\051, or ) 72 142 P
5 F
1.13 (RSA-MD4) 140.02 142 P
0 F
0.47 ( \050if the newer RSA Message Digest Algorithm was used\051.) 190.4 142 P
3 F
0.39 (38) 471.11 146.8 P
0 F
0.47 ( The second) 481.11 142 P
0.33 (sub\336eld identi\336es the algorithm used to encrypt the integrity check; again, currently this must be) 72 122 P
5 F
0.16 (RSA) 72 102 P
0 F
0.07 (. The \336nal sub\336eld is the message integrity check represented as into a string of printable en-) 93.59 102 P
-0.59 (coding characters using the encoding transformation; if the message is encrypted, then the message) 72 82 P
FMENDPAGE
%%EndPage: "16" 17
%%Page: "17" 17
612 792 0 FMBEGINPAGE
72 745.99 540 756 R
7 X
0 K
V
72 32.69 540 42.7 R
V
0 F
0 X
(Page 17 of 44) 473.71 34.7 T
72 72 540 720 R
7 X
V
0 X
0.44 (integrity check must also be encrypted \050using the same algorithm and data encryption key as the) 72 712 P
-0.36 (message\051; otherwise, if an encrypted message known to correspond to one of ) 72 692 P
2 F
-0.36 (n) 439.77 692 P
0 F
-0.36 ( possible plaintexts,) 445.76 692 P
-0.54 (were intercepted, then comparing the intercepted message\325) 72 672 P
-0.54 (s integrity check with those of the plain-) 350.22 672 P
0.74 (texts would show precisely which one the intercepted message corresponded to.) 72 652 P
3 F
0.62 (39) 462.82 656.8 P
0 F
0.74 ( Note that the) 472.81 652 P
-0.08 (information is associated with the sender and not the recipient, so this line should only occur after) 72 632 P
(the ) 72 612 T
5 F
(Originator-ID) 89.65 612 T
0 F
( \336eld. In Figure 3, the header \336eld) 183.2 612 T
5 F
(MIC-Info: RSA-MD2,RSA,) 72 588 T
( 5rDqUcMlK1Z6720dcBWGGsDLpTpSCnpotJ6UiRRGcDSvzrsoK+oNvqu6z7Xs5Xfz) 72 574 T
0 F
-0.69 (and its location show that the message integrity check was computed using the RSA-MD2 Message) 72 552 P
0.64 (Digest Algorithm, and encrypted using the RSA algorithm and ) 72 532 P
2 F
0.64 (someone@somewher) 381.55 532 P
0.64 (e.com) 482.74 532 P
0 F
0.64 (\325) 511.05 532 P
0.64 (s pri-) 514.38 532 P
(vate key) 72 512 T
(.) 111.52 512 T
4 F
(4. Key Management Infrastructur) 72 480 T
(e) 246.32 480 T
0 F
-0.43 (If asymmetric interchange keys are used, a method for ensuring that correct public keys are) 108 456 P
-0.33 (made available must be provided; without such assurance, an active wiretapper could spoof the in-) 72 436 P
1.14 (tended recipient and read the sender) 72 416 P
1.14 (\325) 251.01 416 P
1.14 (s supposedly private message. The privacy-enhanced mail) 254.35 416 P
0.01 (protocol suggests using X.509 [1) 72 396 P
0.01 (1] compliant certi\336cates containing an entity name, a public key) 229.86 396 P
0.01 (,) 537 396 P
0.11 (an issuer name, and a digital signature created by the issuer based on its public key and the infor-) 72 376 P
(mation in the certi\336cate. This section presents the architecture for managing those certi\336cates.) 72 356 T
4 F
(4.1. Overview of Certi\336cate Management Ar) 72 324 T
(chitectur) 299.26 324 T
(e) 345.01 324 T
0 F
0.43 (The architecture envisions a set of trees with the inner nodes being or) 108 300 P
0.43 (ganizations entitled) 445.97 300 P
-0.1 (to issue certi\336cates. The root of each tree will be a ) 72 280 P
2 F
-0.1 (top-level certi\336cation authority) 315.41 280 P
0 F
-0.1 (; each of the in-) 465.12 280 P
-0.04 (ner nodes will be a ) 72 260 P
2 F
-0.04 (certi\336cation) 165.41 260 P
0 F
-0.04 ( ) 223.38 260 P
2 F
-0.04 (authority) 226.34 260 P
0 F
-0.04 (. The leaves are subjects to whom certi\336cates are issued,) 269.54 260 P
-0.27 (and who are not authorized to issue certi\336cates themselves. The next tier is composed of or) 72 240 P
-0.27 (ganiza-) 504.7 240 P
0.16 (tions who may certify users; the next tier is composed of or) 72 220 P
0.16 (ganizations who may certify other or-) 358.34 220 P
-0.09 (ganizations, and so forth. In all cases a certifying authority may only certify those entities directly) 72 200 P
-0.4 (beneath it. The top-level certifying authority \050or any certifying authority) 72 180 P
-0.4 (, for that matter\051 establish-) 414.03 180 P
0.09 (es its own procedures for and rules for determining what entities it will certify) 72 160 P
0.09 (, how those entities) 447.12 160 P
-0.47 (request certi\336cation, and how the certi\336cation is done.) 72 140 P
3 F
-0.39 (40) 328.85 144.8 P
0 F
-0.47 ( This arrangement of certifying authorities) 338.84 140 P
(within each tree is a subset of the certi\336cation hierarchy allowed under X.509.) 72 120 T
-0.18 (The problem of transmitting and obtaining certi\336cates for use with privacy-enhanced elec-) 108 96 P
0.56 (tronic mail in the absence of ubiquitous directories containing certi\336cates is solved by including) 72 76 P
FMENDPAGE
%%EndPage: "17" 18
%%Page: "18" 18
612 792 0 FMBEGINPAGE
72 745.99 540 756 R
7 X
0 K
V
72 32.69 540 42.7 R
V
0 F
0 X
(Page 18 of 44) 473.71 34.7 T
72 72 540 720 R
7 X
V
0 X
1.18 (one or more instances of two optional encapsulated header \336elds in the privacy-enhanced mail) 72 712 P
(message. The encapsulated header \336eld) 72 692 T
3 F
(41) 261.51 696.8 T
5 F
(Certificate: ) 190.86 668 T
6 F
(encoded_certificate) 284.41 668 T
0 F
0.15 (contains the sender) 72 650 P
0.15 (\325) 164.68 650 P
0.15 (s certi\336cate as a bit stream represented as a string of printable encoding char-) 168.01 650 P
-0.26 (acters using the encoding transformation. Normally only one such \336eld would be present. Similar-) 72 630 P
(ly) 72 610 T
(, the encapsulated header \336eld) 80.55 610 T
3 F
(42) 225.43 614.8 T
5 F
(Issuer-Certificate: ) 165.68 586 T
6 F
(encoded_certificate) 309.6 586 T
0 F
-0.01 (is like the ) 72 568 P
5 F
-0.03 (Certificate) 121.6 568 P
0 F
-0.01 ( \336eld, except that it contains the certi\336cate of the issuer of a certi\336cate.) 200.76 568 P
0.65 (As many of these header \336elds as necessary to enable the recipient to validate the certi\336cates in) 72 548 P
0.56 (either the ) 72 528 P
5 F
1.35 (Certificate) 121.09 528 P
0 F
0.56 ( ) 200.24 528 P
0.56 (or in another ) 203.8 528 P
5 F
1.35 (Issuer-Certificate) 269.77 528 P
0 F
0.56 ( header \336eld may be present.) 399.3 528 P
0.69 (Note that this \336eld is optional, and once directory servers containing certi\336cates become widely) 72 508 P
(available, will fade into disuse. Examples of both these \336elds are given in Figure 3.) 72 488 T
0.23 (W) 108 464 P
0.23 (e now examine the contents of certi\336cates, the management of certi\336cates, and how the) 118.36 464 P
(two relate to one another) 72 444 T
(.) 190.58 444 T
4 F
(4.2. Certi\336cate De\336nition and Use) 72 412 T
0 F
0.88 (A ) 108 388 P
2 F
0.88 (certi\336cate ) 120.54 388 P
0 F
0.88 (binds a public key to an issuing authority) 172.38 388 P
0.88 (, subject \050which may be a user or) 375.3 388 P
-0.36 (some other entity\051, and other information. Each contains a version number indicating which certif-) 72 368 P
0.49 (icate format is used \050currently ) 72 348 P
0.49 (the only format defined is this one, so the version number will be) 221.33 348 P
5 F
-0.55 (0) 72 328 P
0 F
-0.23 (\051,) 79.2 328 P
3 F
-0.19 (43) 86.19 332.8 P
0 F
-0.23 ( a subject identity) 96.18 328 P
-0.23 (, an issuer name, a serial number de\336ned by the issuer \050certifying authority\051) 179.67 328 P
0.46 (and unique to that certifying authority) 72 308 P
0.46 (,) 255.73 308 P
3 F
0.38 (44) 258.73 312.8 P
0 F
0.46 ( a validity period during which the certi\336cate is valid,) 268.72 308 P
3 F
0.38 (45) 530.01 312.8 P
0 F
0.67 (the subject\325) 72 288 P
0.67 (s public key) 127.64 288 P
0.67 (, and a certi\336cate signature binding all the above information together) 186.17 288 P
0.67 (.) 527.01 288 P
3 F
0.56 (46) 530.01 292.8 P
0 F
-0.23 (The signature is generated by computing a hash of the certi\336cate and encrypting both the hash and) 72 268 P
-0.38 (the algorithm identi\336er of the hash algoriothm with the certifying authority\325) 72 248 P
-0.38 (s private key) 431.36 248 P
-0.38 (. Current-) 491.12 248 P
1.92 (ly the only hash algorithms for the signature are the RSA Message Digest Algorithms RSA-) 72 228 P
(MD2.) 72 208 T
3 F
(47) 100.32 212.8 T
0 F
( An example certi\336cate is shown in \336gure 7. ) 110.31 208 T
4 F
(4.2.1. Identity and Distinguished Names) 72 176 T
0 F
0.24 (Both issuers and subjects must be identi\336ed unambiguously; the mechanism chosen to do) 108 152 P
0.05 (this is the ) 72 132 P
2 F
0.05 (Distinguished) 121.14 132 P
0 F
0.05 ( ) 187.78 132 P
2 F
0.05 (Name) 190.83 132 P
0 F
0.05 (,) 218.81 132 P
3 F
0.05 (48) 221.81 136.8 P
0 F
0.05 ( which is a set of attributes containing a key and a value. An ex-) 231.8 132 P
(ample of a typical Distinguished Name might be:) 72 112 T
(/C=US/O=Dartmouth College/OU=Dept. of Math & CS/CN=Matt Bishop/) 126.39 88 T
FMENDPAGE
%%EndPage: "18" 19
6 10 /Courier FMDEFINEFONT
7 10 /Courier-Oblique FMDEFINEFONT
%%Page: "19" 19
612 792 0 FMBEGINPAGE
72 745.99 540 756 R
7 X
0 K
V
72 32.69 540 42.7 R
V
0 F
0 X
(Page 19 of 44) 473.71 34.7 T
72 72 540 720 R
7 X
V
67.5 72 544.5 720 C
67.5 72 544.5 720 R
7 X
0 K
V
71.96 81 539.96 720 R
V
6 F
0 X
(30 82 01 94) 71.96 713.33 T
(30 82 01 32) 89.96 703.33 T
({ ) 233.96 703.33 T
7 F
(version, serial numbers \050defaults 0) 245.96 703.33 T
0 F
(\051) 455.84 703.33 T
3 F
( }) 459.84 703.33 T
6 F
(02 01 01) 107.96 693.33 T
({ ) 233.96 693.33 T
7 F
(serial number \0501\051 ) 245.96 693.33 T
6 F
(}) 353.9 693.33 T
(30 0a) 89.96 683.33 T
({ ) 233.96 683.33 T
7 F
(signature information ) 245.96 683.33 T
6 F
(}) 377.89 683.33 T
(06 04 55 08 03 02) 107.96 673.33 T
({) 233.96 673.33 T
7 F
( algorithm) 239.96 673.33 T
6 F
( ) 299.93 673.33 T
7 F
(\050MD2 hash, RSA signature\051) 305.92 673.33 T
6 F
( }) 455.84 673.33 T
(02 02 02 78) 107.96 663.33 T
( ) 173.93 663.33 T
({ ) 233.96 663.33 T
7 F
(parameter \050632\051 ) 245.96 663.33 T
6 F
(}) 341.9 663.33 T
(30 49) 89.96 653.33 T
({ ) 233.96 653.33 T
7 F
(issuer\325s distinguished name ) 245.96 653.33 T
6 F
(}) 413.86 653.33 T
(31 0b 30 09 06 03 55 04 06 13 02 55 53) 107.96 643.33 T
( ) 335.84 643.33 T
({) 341.83 643.33 T
7 F
( country) 347.83 643.33 T
6 F
( }) 395.81 643.33 T
(13 02 55 53) 125.96 633.33 T
({ US }) 233.96 633.33 T
(31 1a 30 18 06 03 55 04 0a) 107.96 623.33 T
({ ) 287.96 623.33 T
7 F
(organization ) 299.96 623.33 T
6 F
(}) 377.92 623.33 T
(13 11 44 61 72 74 6d 6f 75 74 68 20 43 6f 6c 6c 65 67 65) 125.96 613.33 T
({ Dartmouth College }) 233.96 603.33 T
(31 1e ) 107.96 593.33 T
(30 1c ) 143.94 593.33 T
(06 03 55 04 0b) 179.92 593.33 T
({ ) 287.96 593.33 T
7 F
(organizational unit) 299.96 593.33 T
6 F
( }) 413.89 593.33 T
(13 15 44 65 70 74 2e 20 6f 66 20 4d 61 74 68 2e 20 26 20 43 2e 53 2e) 125.96 583.33 T
({ Dept. of Math. & C.S. }) 233.96 573.33 T
(30 1a) 89.96 563.33 T
({ ) 233.96 563.33 T
7 F
(validity period ) 245.96 563.33 T
6 F
(}) 341.9 563.33 T
(17 0b 39 30 30 33 31 36 31 32 30 30 5a) 107.96 553.33 T
({) 359.96 553.33 T
7 F
( from) 365.96 553.33 T
6 F
( 3/16/90 at 12:00 GMT }) 395.94 553.33 T
(17 0b 39 32 30 33 31 36 31 32 30 30 5a) 107.96 543.33 T
({) 359.96 543.33 T
7 F
( to) 365.96 543.33 T
6 F
( 3/16/92 at 12:00 GMT }) 383.95 543.33 T
(30 5f) 89.96 533.33 T
({ ) 233.96 533.33 T
7 F
(subject\325s distinguished name ) 245.96 533.33 T
6 F
(}) 419.86 533.33 T
(31 0b 30 09 06 03 55 04 06) 107.96 523.33 T
({ ) 287.96 523.33 T
7 F
(country ) 299.96 523.33 T
6 F
(}) 347.93 523.33 T
(13 02 55 53 ) 125.96 513.33 T
({ US }) 233.96 513.33 T
(31 1a 30 18 06 03 55 04 0a) 107.96 503.33 T
({ ) 287.96 503.33 T
7 F
(organization ) 299.96 503.33 T
6 F
(}) 377.92 503.33 T
(13 11 44 61 72 74 6d 6f 75 74 68 20 43 6f 6c 6c 65 67 65) 125.96 493.33 T
({ Dartmouth College }) 233.96 483.33 T
(31 1e 30 1c 06 03 55 04 0b) 107.96 473.33 T
({ ) 287.96 473.33 T
7 F
(organizational unit) 299.96 473.33 T
6 F
( }) 413.89 473.33 T
(13 15 44 65 70 74 2e 20 6f 66 20 4d 61 74 68 2e 20 26 20 43 2e 53 2e) 125.96 463.33 T
({ Dept. of Math. & C.S. }) 233.96 453.33 T
(31 14 30 12 06 03 55 04 03) 107.96 443.33 T
( 13 0b) 263.88 443.33 T
({ ) 323.96 443.33 T
7 F
(common) 335.96 443.33 T
6 F
( ) 371.94 443.33 T
7 F
(name ) 377.93 443.33 T
6 F
(}) 407.92 443.33 T
(4d 61 74 74 20 42 69 73 68 6f 70 69 73 68 6f 70) 125.96 433.33 T
({ Matt Bishop }) 431.96 433.33 T
(30 59 30 0) 89.96 423.33 T
(a) 149.93 423.33 T
({ ) 233.96 423.33 T
7 F
(subject\325s public key information ) 245.96 423.33 T
6 F
(}) 443.85 423.33 T
(06 04 55 08 03 02) 107.96 413.33 T
({ ) 233.96 413.33 T
7 F
(algorithm) 245.96 413.33 T
6 F
( ) 299.93 413.33 T
7 F
(\050RSA signature, MD2 hash\051) 305.92 413.33 T
6 F
( }) 455.84 413.33 T
(02 02 02 00) 107.96 403.33 T
({ ) 233.96 403.33 T
7 F
(length \050512; here, the modulus size in bits\051) 245.96 403.33 T
6 F
( }) 509.81 403.33 T
(03 4b 00 30 48) 107.96 393.33 T
({ ) 233.96 393.33 T
7 F
(modulus) 245.96 393.33 T
6 F
( }) 287.93 393.33 T
(02 41 00 cf 77 fd 00 aa e3 46 2c 66 ee 7c 2b fd de 2d 09 ed 2a 3e dd 3c) 107.96 383.33 T
(a1 93 98 68 f9 95 96 8e 17 9e a8 92 8c 4a 7c b8 4f 92 fe 02 7c ab) 143.96 373.33 T
(d5 09 9a ff 8d b8 1e f2 f4 80 b0 6d e8 30 fa 62 ca 09 90 f7 e5) 143.96 363.33 T
({) 233.96 353.33 T
(10866017727492218440042295274990800056806083243-) 251.96 353.33 T
(77396246750949131125699891639786361314357176306-) 251.96 343.33 T
(10202659399114672481140199313984031350744785286-) 251.96 333.33 T
(19036491708389 }) 251.96 323.33 T
(02 03 01 00 01) 107.96 313.33 T
({ ) 233.96 313.33 T
7 F
(exponent \05065537\051 ) 245.96 313.33 T
6 F
(}) 347.9 313.33 T
(30 0a) 89.96 303.33 T
({ ) 233.96 303.33 T
7 F
(signature) 245.96 303.33 T
6 F
( }) 299.93 303.33 T
(06 04 55 08 03 02) 107.96 293.33 T
({ ) 233.96 293.33 T
7 F
(algorithm) 245.96 293.33 T
6 F
( ) 299.93 293.33 T
7 F
(\050MD2 hash, RSA signature\051) 305.92 293.33 T
6 F
( }) 455.84 293.33 T
(02 02 02 78) 107.96 283.33 T
( ) 173.93 283.33 T
({ ) 233.96 283.33 T
7 F
(parameter \050632\051 ) 245.96 283.33 T
6 F
(}) 341.9 283.33 T
(03 50 00 42 e3 50 db c2 1b da a1 cd 0d 2b 70 e6 66 5f 59 29 91 dc 28 76) 107.96 273.33 T
(df 2a ef a1 7a c2 7d 13 99 e0 ea e8 d4 7e 5a 18 70 0e 73 b8 c1 cc) 143.96 263.33 T
(68 98 27 a6 f2 aa f2 d5 0b 43 69 a0 64 16 92 8a 7c ed cd e3 45 b0) 143.96 253.33 T
(8e 54 a8 06 36 24 3e 04 f0 28 84 20 75 a1) 143.96 243.33 T
0 F
-0.51 (Figure 7. An example of a certificate. The certificate is a bit stream encoded as described in section) 71.96 228 P
0.29 (3.1.3. For illustrative purposes, here the bits are grouped into hex digits, and formatted and com-) 71.96 208 P
-0.73 (mented to show what information is included in the certificate. The signature may be checked using) 71.96 188 P
0.18 (the issuer public key 31 86 38 84 a5 a5 6a 53 7a 8c 5c 79 80 1c 63 fd 98 51 13 36 ae 14 de 61 f8) 71.96 168 P
-0.18 (e2 1b f0 81 a2 1c bd 02 68 6f 63 ea 2a 9f 8c c1 8d 1a 0d c6 f7 a1 0f 74 8d 9d 90 5b 0a 50 56 d0 57) 71.96 148 P
0.12 (93 bb 37 76 9a a9 2b ef a9 16 a8 dc 20 99 fb da 1a cb e9 91 ae 00 \050hex\051; note that this public key) 71.96 128 P
-0.3 (is ) 71.96 108 P
2 F
-0.3 (not ) 82.67 108 P
0 F
-0.3 (RSA Data Security, Inc.\325s public key, but merely one used to generate this example of a cer-) 100.7 108 P
(tificate.) 71.96 88 T
0 0 612 792 C
FMENDPAGE
%%EndPage: "19" 20
%%Page: "20" 20
612 792 0 FMBEGINPAGE
72 745.99 540 756 R
7 X
0 K
V
72 32.69 540 42.7 R
V
0 F
0 X
(Page 20 of 44) 473.71 34.7 T
72 72 540 720 R
7 X
V
0 X
0.59 (where \322Matt Bishop\323 is the subject\325) 72 505 P
0.59 (s Common Name,) 246.5 505 P
3 F
0.49 (49) 334.64 509.8 P
0 F
0.59 ( \322Dept. of Math & CS\323 is the Or) 344.63 505 P
0.59 (ganiza-) 504.7 505 P
0.29 (tional Unit name, \322Dartmouth College\323 the Or) 72 485 P
0.29 (ganizational name, and \322US\323 the Country name.) 296.4 485 P
3 F
0.25 (50) 530.01 489.8 P
0 F
-0.31 (The allowed Distinguished Name attributes and what they signify are shown in Figure 8; precisely) 72 465 P
(which attributes may be used depends on which kind of Distinguished Name is being used:) 72 445 T
3 F
(51) 509.05 449.8 T
0 F
(1.) 72 421 T
-0.03 (A ) 90 421 P
2 F
-0.03 (certifying authority) 101.63 421 P
0 F
-0.03 ( is an entity authorized to issue certi\336cates, and the Distinguished Name) 194.55 421 P
0.45 (of such an authority ) 90 401 P
2 F
0.45 (always) 190.39 401 P
0 F
0.45 ( appears in the issuer \336eld. As such an authority is ) 223.71 401 P
2 F
0.45 (never) 472.49 401 P
0 F
0.45 ( an indi-) 499.13 401 P
-0.05 (vidual, it has no associated Common Name or T) 90 381 P
-0.05 (itle.) 320.67 381 P
3 F
-0.05 (52) 338.99 385.8 P
0 F
-0.05 ( Further) 348.99 381 P
-0.05 (, the Country in which the certi-) 386.76 381 P
1.42 (fying Authority resides \050or the Or) 90 361 P
1.42 (ganization Name, if it is a multinational entity\051, must be) 258.41 361 P
1.69 (present. Further identifying information \050such as the Locality) 90 341 P
1.69 (, Or) 394.87 341 P
1.69 (ganizational Unit, and so) 415 341 P
(forth\051 must be present if necessary to unambiguously identify the issuing authority) 90 321 T
(.) 485.3 321 T
(2.) 72 297 T
0.3 (A ) 90 297 P
2 F
0.3 (r) 101.96 297 P
0.3 (esidential person) 106.18 297 P
0 F
0.3 ( is an entity not claiming af) 188.76 297 P
0.3 (\336liation with any or) 321.58 297 P
0.3 (ganization, for example a) 417.21 297 P
-0.34 (person who obtains a certi\336cate for private use. The Distinugished Name must unabmbiguous-) 90 277 P
(ly identify the person by providing an address. No or) 90 257 T
(ganizational attributes may be given.) 343.61 257 T
(3.) 72 233 T
0.24 (An ) 90 233 P
2 F
0.24 (or) 107.9 233 P
0.24 (ganizational person) 118.11 233 P
0 F
0.24 ( is an entity claiming af) 213.98 233 P
0.24 (\336liation with an or) 327.91 233 P
0.24 (ganization, for example a) 417.37 233 P
-0.58 (professor whose certi\336cate is issued by \050or on behalf of\051 his college. In its Distinguished Name,) 90 213 P
-0.28 (the Common Name of the person and the Or) 90 193 P
-0.28 (ganization with which he is af) 300.71 193 P
-0.28 (\336liated are required;) 443.31 193 P
(other attributes are optional.) 90 173 T
(4.) 72 149 T
0.73 (An ) 90 149 P
2 F
0.73 (or) 108.39 149 P
0.73 (ganizational r) 118.61 149 P
0.73 (ole) 186.54 149 P
0 F
0.73 ( is a position within an or) 201.2 149 P
0.73 (ganization to which the certi\336cate is tied; it) 327.32 149 P
0.11 (may be \336lled by many people over time, but the certi\336cate stays bound to the role and not the) 90 129 P
-0.44 (individual holding that position. Required attributes of this kind of Distinguished Name are the) 90 109 P
0.05 (Or) 90 89 P
0.05 (ganization and the T) 102.44 89 P
0.05 (itle of the role; other attributes except the Common Name are allowed.) 200.41 89 P
72 72 540 720 C
72 513 540 720 C
72 522 540 720 R
7 X
0 K
V
2 F
0 X
(attribute) 87.34 712 T
(meaning) 231.35 712 T
(1) 378 712 T
(2) 414 712 T
(3) 450 712 T
(4) 486 712 T
(5) 522 712 T
0 F
(C) 104 698 T
(country \050ISO 3166 [20] encoding\051) 180 698 T
(m*) 378 698 T
(m) 414 698 T
(o) 450 698 T
(o) 486 698 T
(o) 522 698 T
(S) 104.67 684 T
(state or province name) 180 684 T
(o) 378 684 T
(m) 414 684 T
(o) 450 684 T
(o) 486 684 T
(o) 522 684 T
(L) 104.34 670 T
(locality name \050) 180 670 T
2 F
(e) 251.95 670 T
0 F
(.) 257.27 670 T
2 F
(g) 260.27 670 T
0 F
(., city\051) 266.27 670 T
(o) 378 670 T
(m) 414 670 T
(o) 450 670 T
(o) 486 670 T
(o) 522 670 T
(O) 103.67 656 T
(or) 180 656 T
(ganization name) 189.77 656 T
(m*) 378 656 T
(-) 414 656 T
(m) 450 656 T
(m) 486 656 T
(o) 522 656 T
(OU) 99.34 642 T
(or) 180 642 T
(ganizational unit name) 189.77 642 T
(o) 378 642 T
(-) 414 642 T
(o) 450 642 T
(o) 486 642 T
(o) 522 642 T
(CN) 99.67 628 T
(common name) 180 628 T
(-) 378 628 T
(m) 414 628 T
(m) 450 628 T
(-) 486 628 T
(m) 522 628 T
(T) 104.34 614 T
(title) 180 614 T
(-) 378 614 T
(-) 414 614 T
(o) 450 614 T
(m) 486 614 T
(-) 522 614 T
(P) 100.89 600 T
(A) 106.45 600 T
(postal address \050) 180 600 T
2 F
(e) 254.61 600 T
0 F
(.) 259.94 600 T
2 F
(g) 262.93 600 T
0 F
(., street or box\051) 268.93 600 T
(o) 378 600 T
(m) 414 600 T
(o) 450 600 T
(o) 486 600 T
(o) 522 600 T
0.05 (Figure 8. Summary of Distinguished Name attributes and their meanings. The columns labelled 1) 72 582 P
0.56 (through 5 indicate whether) 72 568 P
0.56 (, for that kind of Distinguished Name, the attribute is mandatory \050m\051,) 202.09 568 P
(optional \050o\051, or prohibited \050-\051. The columns refer to the following kinds of Distinguished Names:) 72 554 T
(\0501\051 certifying authority; \0502\051 residential person; \0503\051 or) 72 540 T
(ganizational person; \0504\051 or) 323.26 540 T
(ganizational role; ) 449.95 540 T
(\0505\051 distribution list.) 72 526 T
72 522 549 522 2 L
0.5 H
2 Z
N
72 711 540 711 2 L
N
144 720 144 594 2 L
N
360 720 360 594 2 L
N
405 720 405 594 2 L
N
441 720 441 594 2 L
N
477 720 477 594 2 L
N
513 720 513 594 2 L
N
72 72 540 720 C
0 0 612 792 C
FMENDPAGE
%%EndPage: "20" 21
%%Page: "21" 21
612 792 0 FMBEGINPAGE
72 745.99 540 756 R
7 X
0 K
V
72 32.69 540 42.7 R
V
0 F
0 X
(Page 21 of 44) 473.71 34.7 T
72 72 540 720 R
7 X
V
0 X
0.25 (The Common Name is speci\336cally disallowed to prevent confusion between this type of Dis-) 90 712 P
(tinguished Name and that of an or) 90 692 T
(ganizational person.) 253 692 T
(5.) 72 668 T
-0.07 (A distribution list is a collection of users, and mail sent to it is forwarded to all those users. Its) 90 668 P
-0.27 (Distinguished Name requires the Common Name attribute to be the distinguished string ) 90 648 P
5 F
-0.64 (Dis-) 511.21 648 P
-0.03 (tribution List) 90 628 P
0 F
-0.01 ( \050to distinguish it from an individual\051, and allows any other attributes ex-) 190.71 628 P
(cept T) 90 608 T
(itle to be present.) 119.89 608 T
(As another example, the Distinguished Name for the or) 72 584 T
(ganizational role of postmaster might be:) 337.26 584 T
(/C=US/O=USRA/OU=RIACS/OU= Network Systems Division/T=Postmaster/) 116.01 560 T
0.1 (This name contains two hierarchical or) 72 536 P
0.1 (ganizational unit names \050\322Network Systems Division\323 is a) 259.14 536 P
0.06 (branch of \322RIACS\323 which is in turn a research laboratory of \322USRA\323\051. If multiple or) 72 516 P
0.06 (ganizational) 481.38 516 P
(unit names are present, they are taken hierarchically) 72 496 T
(, with the broadest unit \336rst.) 321.01 496 T
3 F
(53) 455.93 500.8 T
0 F
-0.17 (This information is encoded into a certi\336cate using the ASN.1 [6][7] representation shown) 108 472 P
0.35 (in X.509, Annex G, which is part of the international directory standard. This is the same format) 72 452 P
0.07 (as is used for the encoding of the issuer identity in the ) 72 432 P
5 F
0.17 (Originator-ID) 334.66 432 P
0 F
0.07 ( and Recipient-ID lines) 428.21 432 P
(described in section 3.2.1.) 72 412 T
4 F
(4.2.2. Certi\336cation Authorities) 72 380 T
0 F
-0.15 (At the root of each certi\336cation hierarchy is a top-level certifying authority) 108 356 P
-0.15 (. This or) 464.92 356 P
-0.15 (ganiza-) 504.7 356 P
0.19 (tion may issue certi\336cates and it may authorize other or) 72 336 P
0.19 (ganizations to issue certi\336cates, imposing) 339.68 336 P
-0.24 (upon them whatever restrictions it wishes. It may also make agreements with other top-level certi-) 72 316 P
-0.52 (\336cation authorities to allow interoperation across dif) 72 296 P
-0.52 (ferent hierarchies; these agreements are essen-) 319.82 296 P
-0.66 (tially cross-certi\336cation, where each top-level certi\336cation authority generates and makes available) 72 276 P
(certi\336cates for the other) 72 256 T
(.) 185.58 256 T
3 F
(54) 188.58 260.8 T
0 F
-0.22 ( Cross-certi\336cation agreements are not transitive; that is, if one top-level certifying author-) 108 232 P
-0.25 (ity cross-certi\336es a second which in turn cross-certi\336es a third, the \336rst and third are ) 72 212 P
2 F
-0.25 (not) 474.64 212 P
0 F
-0.25 ( cross-cer-) 489.97 212 P
2.83 (ti\336ed. The reason for this restriction is that cross-certi\336cation implies satisfaction with and) 72 192 P
-0.48 (acceptance of legal and certi\336cation procedures of the cross-certi\336ed top-level certi\336cation author-) 72 172 P
-0.01 (ity) 72 152 P
-0.01 (, and that must be done with knowledge of those agreements, not by default. Hence, a certi\336ca-) 83.89 152 P
(tion path may have elements of at most two hierarchies.) 72 132 T
-0.02 (A certifying authority is one which may issue certi\336cates. W) 108 108 P
-0.02 (ith three exceptions to be dis-) 398.51 108 P
-0.09 (cussed in the next section, when a certi\336cate is issued, the issuing certifying authority is vouching) 72 88 P
FMENDPAGE
%%EndPage: "21" 22
%%Page: "22" 22
612 792 0 FMBEGINPAGE
72 745.99 540 756 R
7 X
0 K
V
72 32.69 540 42.7 R
V
0 F
0 X
(Page 22 of 44) 473.71 34.7 T
72 72 540 720 R
7 X
V
0 X
-0.22 (for the identity as embodied in the subject\325) 72 712 P
-0.22 (s Distinguished Name; that is, if an or) 275.35 712 P
-0.22 (ganizational af) 455.5 712 P
-0.22 (\336l-) 526 712 P
-0.52 (iation is shown, such af) 72 692 P
-0.52 (\336liation has been proved, and the public component as embodied within the) 182.63 692 P
-0.58 (certi\336cate belongs to that subject. How such proof is given is up to the certifying authority) 72 672 P
-0.58 (, but may) 496.19 672 P
(be af) 72 652 T
(fected by contracts or licenses with the top-level certifying authority) 95.42 652 T
(.) 422.73 652 T
3 F
(55) 425.73 656.8 T
0 F
-0.45 (A key component of acquiring this proof is the ) 108 628 P
2 F
-0.45 (or) 331.46 628 P
-0.45 (ganizational) 341.68 628 P
0 F
-0.45 ( ) 401.66 628 P
2 F
-0.45 (notary) 404.21 628 P
-0.45 (.) 434.86 628 P
3 F
-0.38 (56) 437.86 632.8 P
0 F
-0.45 ( The or) 447.86 628 P
-0.45 (ganizational) 481.38 628 P
0 (notary is a clearinghouse for certi\336cate orders within an administrative domain such as an or) 72 608 P
0 (gani-) 515.35 608 P
0.26 (zation or or) 72 588 P
0.26 (ganizational unit, and is assumed to be somewhat independent of the users in that ad-) 127.6 588 P
4.05 (ministrative domain. Only those users in the domain may order certi\336cates through that) 72 568 P
0.88 (or) 72 548 P
0.88 (ganizational notary) 81.78 548 P
0.88 (, who accepts and validates the information to be put in the certi\336cate; the) 174.14 548 P
0.39 (manner in which this is done is up to the or) 72 528 P
0.39 (ganization, except for certain minimum requirements) 282.9 528 P
0.04 (which the top-level certifying authority may establish as a condition of making the or) 72 508 P
0.04 (ganization a) 481.67 508 P
0.64 (certifying authority) 72 488 P
0.64 (. If necessary) 164.79 488 P
0.64 (, the notary may alter the period of validity \050to comply with the) 228.89 488 P
-0.5 (policies of the certifying authority\051, the serial number \050to ensure it is unique among all those issued) 72 468 P
-0.15 (by the certifying authority\051, or any other \336eld in the certi\336cate except the user) 72 448 P
-0.15 (\325) 443.52 448 P
-0.15 (s personal name \050in) 446.86 448 P
-0.16 (the Distinguished Name\051 and the user) 72 428 P
-0.16 (\325) 252.54 428 P
-0.16 (s public key) 255.88 428 P
-0.16 (. Under normal circumstances, though, only the) 312.75 428 P
(serial number and validity period are likely to be changed.) 72 408 T
0.63 (The use of an or) 108 384 P
0.63 (ganizational notary has bene\336ts both to the user and to the or) 188.22 384 P
0.63 (ganization.) 487.04 384 P
-0.11 (First, it enables the or) 72 364 P
-0.11 (ganization to validate those to whom it issues certi\336cates quickly and easily) 175.6 364 P
-0.11 (.) 537 364 P
0.17 (Secondly) 72 344 P
0.17 (, the user need not go to an outside party to prove his or her association with the or) 115.86 344 P
0.17 (gani-) 515.35 344 P
0.03 (zation; it can be handled in-house. Third, should the user leave the or) 72 324 P
0.03 (ganization, his or her af) 403.87 324 P
0.03 (\336lia-) 517.34 324 P
0.16 (tion can be repudiated by revoking the certi\336cate. The bene\336ts to the certifying authority are also) 72 304 P
-0.45 (lar) 72 284 P
-0.45 (ge, residing mainly in the ability to delegate the job of verifying the information provided by the) 84.44 284 P
0.64 (user) 72 264 P
0.64 (. Since there will be far fewer or) 91.32 264 P
0.64 (ganizational notaries than users, they can be screened more) 250.78 264 P
(carefully) 72 244 T
(.) 113.85 244 T
3 F
(57) 116.84 248.8 T
0 F
0.1 (A certifying authority\325) 108 220 P
0.1 (s private key is used to sign certi\336cates and is ) 216.13 220 P
2 F
0.1 (never) 439.01 220 P
0 F
0.1 ( used as a com-) 465.65 220 P
-0.18 (ponent of an interchange key) 72 200 P
-0.18 (, hence a certifying authority\325) 209.71 200 P
-0.18 (s certi\336cate is useful only for validation) 350.55 200 P
1.1 (purposes. This limits the damage should such a private key be compromised; while certi\336cates) 72 180 P
0.72 (could be for) 72 160 P
0.72 (ged \050until the corresponding public key certi\336cate were revoked\051, privacy-enhanced) 131.18 160 P
-0.55 (messages protected using certi\336cates issued before the compromise by the compromised certifying) 72 140 P
0.31 (authority would still be protected.) 72 120 P
3 F
0.26 (58) 235.49 124.8 P
0 F
0.31 ( \050Of course, an attacker could use the private key to generate) 245.48 120 P
-0.17 (for) 72 100 P
-0.17 (ged certi\336cates and date them before the compromise; hence, all certi\336cates issued by the com-) 85.77 100 P
-0.11 (promised certifying authority should be considered suspect when its private key is compromised.\051) 72 80 P
FMENDPAGE
%%EndPage: "22" 23
6 10 /Times-Bold FMDEFINEFONT
%%Page: "23" 23
612 792 0 FMBEGINPAGE
72 745.99 540 756 R
7 X
0 K
V
72 32.69 540 42.7 R
V
0 F
0 X
(Page 23 of 44) 473.71 34.7 T
72 72 540 720 R
7 X
V
0 X
0.65 (Finally) 108 712 P
0.65 (, even though there may be other certifying authorities between the issuer and the) 141.21 712 P
0.22 (top-level certifying authority) 72 692 P
0.22 (, all certi\336cate hierarchies follow the convention that each certifying) 210.24 692 P
0.79 (authority\325) 72 672 P
0.79 (s certi\336cate is signed by the top-level certifying authority) 118.64 672 P
0.79 (. This shortens the certi\336cate) 398.62 672 P
(validation procedure, described below) 72 652 T
(.) 254.41 652 T
3 F
(59) 257.41 656.8 T
4 F
(4.2.3. Conventions and Special Certi\336cates) 72 620 T
6 F
(60) 289.55 624.8 T
0 F
0.17 (Under normal circumstances, a person obtaining a certi\336cate with an associated or) 108 596 P
0.17 (ganiza-) 504.7 596 P
0.57 (tion in the subject name is presumed to be closely af) 72 576 P
0.57 (\336liated in some way with that or) 328.61 576 P
0.57 (ganization.) 487.04 576 P
0.1 (Under certain circumstances, such af) 72 556 P
0.1 (\336liation may not be desired, for example if the person is vis-) 249.04 556 P
0.06 (itingfor a limited period of time. In this case, the certifying authority may issue a ) 72 536 P
2 F
0.06 (guest certi\336cate) 463.66 536 P
0 F
-0.5 (in which the \336nal attribute of the issuing authority name is an Or) 72 516 P
-0.5 (ganizational Unit name with a val-) 376.27 516 P
-0.05 (ue the distinguished string ) 72 496 P
5 F
-0.13 (Guest) 201.04 496 P
0 F
-0.05 (. For example, if the certifying authority Dartmouth College is-) 237.02 496 P
(sues a certi\336cate to visiting professor T) 72 476 T
(om Jones, the issuing authority name would be) 259.7 476 T
(/C=US/O=Dartmouth College/OU=Guest/) 204.4 452 T
(and the subject name would be) 72 428 T
(/C=US/O=Dartmouth College/OU=Guest/OU=Dept. of Math & CS/CN=T) 102.78 404 T
(om Jones/) 460.91 404 T
0.12 (Note that a guest certi\336cate af) 72 380 P
0.12 (\336rms the identity of the user; it merely asserts a weak, rather than a) 215.95 380 P
-0.4 (strong, af) 72 360 P
-0.4 (\336liation with the or) 116.69 360 P
-0.4 (ganization. Of course, the certifying authority cannot issue such a cer-) 207.57 360 P
(ti\336cate for a member of another or) 72 340 T
(ganization.) 236.98 340 T
0.13 (A similar type of certi\336cate, the ) 108 316 P
2 F
0.13 (notary certi\336cate) 264.35 316 P
0 F
0.13 (, asserts that the user) 346.76 316 P
0.13 (\325) 447.33 316 P
0.13 (s identity has been) 450.66 316 P
0.65 (proved to the certifying authority but that no or) 72 296 P
0.65 (ganizational af) 303.48 296 P
0.65 (\336liations are present. This is most) 374.85 296 P
0.43 (useful when certi\336cates are issued to residential persons, and in fact notary certi\336cates may only) 72 276 P
-0.23 (be used for that type of entity; they my never be used for an or) 72 256 P
-0.23 (ganizational person or role \050nor cer-) 368.31 256 P
-0.32 (tifying authority or distribution list\051. In this case, the \336nal attribute of the issuing authority name is) 72 236 P
-0.04 (an Or) 72 216 P
-0.04 (ganizational Unit name with a value the distinguished string ) 98.72 216 P
5 F
-0.1 (Notary) 389.85 216 P
0 F
-0.04 (. For example, if Dart-) 432.24 216 P
(mouth College issues a residential certi\336cate to T) 72 196 T
(om Jones, the issuing authority name would be) 308.01 196 T
(/C=US/O=Dartmouth College/OU=Notary/) 201.74 172 T
(and the subject name might be) 72 148 T
(/C=US/S=New Hampshire/L=Hanover/CN=T) 171.63 124 T
(om Jones/) 392.06 124 T
-0.14 (Under other circumstances, holders of certi\336cates may wish to remain anonymous, but en-) 108 100 P
0.28 (sure that recipients of successive letters be aware that the letters came from the same sender) 72 80 P
0.28 (, and) 516.4 80 P
FMENDPAGE
%%EndPage: "23" 24
%%Page: "24" 24
612 792 0 FMBEGINPAGE
72 745.99 540 756 R
7 X
0 K
V
72 32.69 540 42.7 R
V
0 F
0 X
(Page 24 of 44) 473.71 34.7 T
72 72 540 720 R
7 X
V
0 X
0.3 (to ensure integrity and/or privacy; this essentially preserves the anonymity currently provided by) 72 559 P
-0.69 (the ability to use arbitrary electronic mail names. One possible use may be to report a security prob-) 72 539 P
-0.52 (lem anonymously) 72 519 P
-0.52 (. A certifying authority may issue ) 156.32 519 P
2 F
-0.52 (persona certi\336cates) 317.43 519 P
0 F
-0.52 ( in which it explicitly is not) 411.18 519 P
-0.33 (vouching for the identity of the user) 72 499 P
-0.33 (. The \336nal attribute of the issuing authority name in such a cer-) 241.88 499 P
-0.72 (ti\336cate is an Or) 72 479 P
-0.72 (ganizational Unit name with a value the distinguished string ) 143.25 479 P
5 F
-1.72 (Persona) 428.28 479 P
0 F
-0.72 (. T) 478.65 479 P
-0.72 (o continue) 490.42 479 P
(the example, if Certi\336cates, Inc. issued a persona certi\336cate, the issuing authority name would be) 72 459 T
(/C=US/O=Certi\336cates, Inc./OU=Persona/) 206.08 435 T
0.5 (In such a certi\336cate, the subject name should be considered arbitrary and in no way re\337ective of) 72 411 P
(the identity of the user to whom the certi\336cate was issued.) 72 391 T
0.08 (Figure 9 summarizes the representations of the certifying authority with respect to subject) 108 367 P
(identity and or) 72 347 T
(ganizational af) 141.74 347 T
(\336liation for these types of certi\336cates.) 212.47 347 T
4 F
(4.2.4. Certi\336cate V) 72 315 T
(alidation) 166.48 315 T
0 F
0.86 (Checking the validity of a certi\336cate is straightforward. As noted above, each certi\336cate) 108 291 P
-0.6 (contains an entity name, a public key) 72 271 P
-0.6 (, an issuer name, a digital signature created by the issuer based) 245.83 271 P
0.59 (on its private key and the information in the certi\336cate, and some other information. T) 72 251 P
0.59 (o validate) 492.45 251 P
-0.71 (that the certi\336cate has not been altered, one need only obtain the issuer) 72 231 P
-0.71 (\325) 403.3 231 P
-0.71 (s certi\336cate, extract the pub-) 406.63 231 P
-0.56 (lic key) 72 211 P
-0.56 (, and use that to decrypt the digital signature on the certi\336cate in question. If this dif) 102.97 211 P
-0.56 (fers from) 496.26 211 P
0.41 (the \050locally computed\051 hash of the certi\336cate in question, that certi\336cate is bogus. The certi\336cate) 72 191 P
-0.27 (of the issuer may be checked using the same procedure once the certi\336cate of the top-level certify-) 72 171 P
(ing authority \050which will be widely publicized\051 is obtained.) 72 151 T
3 F
(61) 356.82 155.8 T
0 F
-0.26 (Note that the convention of having the top-level certi\336cation authority certify all other cer-) 108 127 P
0.58 (ti\336cation authorities in its domain means that within a domain, validation requires checking two) 72 107 P
-0.14 (certi\336cates. If the original certi\336cate came from another domain which is cross-certi\336ed by the lo-) 72 87 P
72 72 540 720 C
72 567 540 720 C
72 567 540 720 R
7 X
0 K
V
72 576 540 720 R
V
2 F
0 X
(certi\336cate) 117 712 T
(degr) 225 712 T
(ee of af\336liation) 246.54 712 T
(certainty of identity) 369 712 T
0 F
(persona) 117 698 T
(none) 252 698 T
(none) 396 698 T
(notary) 117 684 T
(none) 252 684 T
(strong) 396 684 T
(guest) 117 670 T
(tenuous) 252 670 T
(strong) 396 670 T
(other) 117 656 T
(strong) 252 656 T
(strong) 396 656 T
-0.17 (Figure 9. How the dif) 72 638 P
-0.17 (ferent types of certi\336cates bind subject \050user\051 identity and af) 174.7 638 P
-0.17 (\336liation with or-) 461.71 638 P
0.76 (ganizations named in the subject\325) 72 624 P
0.76 (s Distinguished Name. The entries indicate the representations) 234.92 624 P
-0.45 (being made by the certifying authority in each case; so, for example, in a notary certi\336cate, the cer-) 72 610 P
0.24 (tifying authority has veri\336ed the user) 72 596 P
0.24 (\325) 251.21 596 P
0.24 (s identity but makes no claims about any or) 254.55 596 P
0.24 (ganizational af-) 464.82 596 P
(\336liations.) 72 582 T
198 720 198 657 2 L
0.5 H
2 Z
N
351 720 351 657 2 L
N
72 576 540 576 2 L
N
108 711 477 711 2 L
N
72 72 540 720 C
0 0 612 792 C
FMENDPAGE
%%EndPage: "24" 25
%%Page: "25" 25
612 792 0 FMBEGINPAGE
72 745.99 540 756 R
7 X
0 K
V
72 32.69 540 42.7 R
V
0 F
0 X
(Page 25 of 44) 473.71 34.7 T
72 72 540 720 R
7 X
V
0 X
0.72 (cal domain\325) 72 712 P
0.72 (s top-level certi\336cation authority) 129.02 712 P
0.72 (, then a third step is necessary: the certi\336cate of the) 287.3 712 P
0.47 (remote top-level certi\336cation authority must be checked by using the local top-level certi\336cation) 72 692 P
0.52 (authority\325) 72 672 P
0.52 (s certi\336cate. So in the worst case, at most three certi\336cates must be validated. Keeping) 118.64 672 P
0.66 (the validation path so short was a primary consideration in de\336ning the convention that the top-) 72 652 P
(level certi\336cation authority certi\336es all certi\336cation authorities in its domain.) 72 632 T
4 F
(4.2.5. Certi\336cate Revocation) 72 600 T
0 F
0.68 ( Each certi\336cate is issued for a limited period of time, and \320 more importantly \320 may be) 108 576 P
0.16 (invalidated or compromised in a number of ways. For example, the entity name might change, or) 72 556 P
-0.06 (the private key associated with the public key in the certi\336cate may be revealed. The international) 72 536 P
-0.43 (standard X.509 places the responsibility for maintaining time-stamped lists of revoked certi\336cates,) 72 516 P
0.06 (as well as revoked certi\336cates representing certifying authorities, upon the certifying authority is-) 72 496 P
0.69 (suing the certi\336cates. So the serial number of the compromised certi\336cate is added to a revoked) 72 476 P
0.57 (certi\336cate list maintained by the certifying authority issuing the certi\336cate. This list is signed by) 72 456 P
-0.34 (the private key of the certifying authority) 72 436 P
-0.34 (, is dated, and contains the date at which the next revoked) 267 436 P
-0.25 (certi\336cate list will be issued. Although an addition to the format prescribed by X.509, this date en-) 72 416 P
0.69 (ables a site to determine if the revoked list is the most recent one from that certifying authority) 72 396 P
0.69 (.) 537 396 P
0.6 (Note that this requires a new list to be issued at the stated time even if no certi\336cates have been) 72 376 P
(revoked; however) 72 356 T
(, it also allows a site to determine if the list is out of date.) 157.78 356 T
3 F
(62) 432.28 360.8 T
0 F
-0.17 (T) 108 332 P
-0.17 (op-level certifying authorities are required to establish a database which maintains certif-) 114.49 332 P
0.76 (icate revocation lists for all certi\336cation authorities in its domain, and that is accessible through) 72 312 P
0.8 (electronic mail. Further) 72 292 P
0.8 (, all certifying authorities must transmit their current list to the top-level) 186.04 292 P
(certifying authority as well as to users and user agents within their domain.) 72 272 T
0.08 (T) 108 248 P
0.08 (ransmission of the lists may be done in a number of ways. The currently-de\336ned mecha-) 114.91 248 P
0.52 (nism is to use privacy-enhanced mail to propagate these certi\336cate revocation lists. Such a letter) 72 228 P
0.03 (contains at most three header \336elds: a ) 72 208 P
5 F
0.08 (Certif) 255.76 208 P
0.08 (icate) 298.94 208 P
0 F
0.03 ( \336eld containing the certi\336cate of the certi-) 334.92 208 P
(fying authority issuing the list, any number of ) 72 188 T
5 F
(Issuer-Certificate) 294.87 188 T
0 F
( \336elds, and a ) 424.4 188 T
5 F
(CRL) 488.03 188 T
0 F
( \336eld:) 509.61 188 T
5 F
(CRL: crl_encoded) 248.43 164 T
0 F
-0.41 (containing the certi\336cate revocation list ) 72 146 P
5 F
-0.99 (crl_encoded) 262.8 146 P
0 F
-0.41 ( encoded using the printable encoding de-) 341.96 146 P
(\336ned in section 3.1.3. Future mechanisms may include the use of a USENET newsgroup.) 72 126 T
FMENDPAGE
%%EndPage: "25" 26
7 12 /Symbol FMDEFINEFONT
%%Page: "26" 26
612 792 0 FMBEGINPAGE
72 745.99 540 756 R
7 X
0 K
V
72 32.69 540 42.7 R
V
0 F
0 X
(Page 26 of 44) 473.71 34.7 T
72 72 540 720 R
7 X
V
4 F
0 X
(4.3. Example of a Certifying Authority Hierar) 72 712 T
(chy: RSA Data Security Inc.) 306.96 712 T
0 F
1.19 (The use of this certi\336cation mechanism requires a public key cryptosystem which must) 108 688 P
(meet several conditions:) 72 668 T
(1.) 108 644 T
(it must provide both privacy and authentication;) 126 644 T
(2.) 108 620 T
(it must be \050relatively\051 ef) 126 620 T
(\336cient to implement in either software or hardware;) 241.7 620 T
(3.) 108 596 T
(it must expand the encrypted information as little as possible;) 126 596 T
(4.) 108 572 T
(it must be \050or at least be believed to be\051 cryptographically strong.) 126 572 T
-0.39 (In addition to meeting all these requirements, the RSA cryptographic algorithm [35] is also) 108 548 P
0.37 (the primary algorithm recommended for use in international standards requiring \050or recommend-) 72 528 P
0.33 (ing\051 use of a public key cryptosystem. So the initial asymmetric cryptographic algorithm de\336ned) 72 508 P
(in the proposal is the RSA algorithm.) 72 488 T
-0.54 (The basic requirements for the RSA algorithm in this context are that the modulus size vary) 108 464 P
-0.04 (between 512 and 1024 bits \050or approximately 1.3) 72 444 P
7 F
-0.04 (\264) 307.58 444 P
0 F
-0.04 (10) 314.16 444 P
3 F
-0.03 (155) 326.15 448.8 P
0 F
-0.04 ( and 1.8) 341.14 444 P
7 F
-0.04 (\264) 379.38 444 P
0 F
-0.04 (10) 385.96 444 P
3 F
-0.03 (309) 397.95 448.8 P
0 F
-0.04 (\051,) 412.95 444 P
3 F
-0.03 (63) 419.94 448.8 P
0 F
-0.04 ( and that the public ex-) 429.93 444 P
-0.38 (ponent be either 3 or 2) 72 424 P
3 F
-0.32 (16) 178.33 428.8 P
0 F
-0.38 (+1.) 188.33 424 P
3 F
-0.32 (64) 204.09 428.8 P
0 F
-0.38 ( The former requirement is intended to make determining the private) 214.08 424 P
0.04 (key acceptably hard, and the latter to allow the public key to be the modulus alone rather than the) 72 404 P
0.31 (modulus and the public exponent; the algorithm identi\336er will indicate which of the two is being) 72 384 P
0.56 (used. The public exponent 2) 72 364 P
3 F
0.47 (16) 209.84 368.8 P
0 F
0.56 (+1 was selected because it allows relatively ef) 219.83 364 P
0.56 (\336cient processing) 445.16 364 P
3 F
0.47 (65) 530.01 368.8 P
0 F
-0.2 (and it is recommended by X.509, Annex G. The exponent 3 was chosen because exponentiation is) 72 344 P
0.56 (even faster) 72 324 P
0.56 (. Finally) 124.18 324 P
0.56 (, if the message integrity check must be padded, it is to be padded on the left) 163.95 324 P
-0.42 (with zeroes, and if the data encryption keys must be padded, they are to be padded in the same way) 72 304 P
-0.21 (unless the message is addressed to multiple recipients and the public exponent is 3. In this speci\336c) 72 284 P
-0.02 (case, a pseudorandom 64-bit quantity is to be generated for each recipient and at least one copy is) 72 264 P
(to be placed to the left of the data encryption key before encrypting.) 72 244 T
3 F
(66) 398.08 248.8 T
0 F
0.66 (The RSA algorithm is covered within the United States by patents administered by RSA) 108 220 P
0.65 (Data Security) 72 200 P
0.65 (, Inc. \050These patents do not apply outside the United States or to the United States) 137.49 200 P
-0.48 (government.\051 Currently RSA Data Security) 72 180 P
-0.48 (, Inc. plans to act as a top-level certifying authority) 277.48 180 P
-0.48 (, and) 517.17 180 P
0.71 (the certi\336cates it issues include a license to use the RSA algorithm for certi\336cate validation and) 72 160 P
(encryption and decryption operations to send privacy-enhanced electronic mail.) 72 140 T
3 F
(67) 454.04 144.8 T
FMENDPAGE
%%EndPage: "26" 27
%%Page: "27" 27
612 792 0 FMBEGINPAGE
72 745.99 540 756 R
7 X
0 K
V
72 32.69 540 42.7 R
V
0 F
0 X
(Page 27 of 44) 473.71 34.7 T
72 72 540 720 R
7 X
V
4 F
0 X
(4.3.1. Issuing Organizational Certi\336cates) 72 712 T
0 F
0.08 (A top-level certifying authority must provide for the certi\336cation of lower) 108 688 P
0.08 (-level certifying) 462.98 688 P
0.03 (authorities, and the approach taken by RSA Data Security) 72 668 P
0.03 (, Inc. indicates the care that this process) 348.93 668 P
1.36 (requires to ensure private keys are not compromised. There are two scenarios possible, one in) 72 648 P
0.6 (which the or) 72 628 P
0.6 (ganization signs its own certi\336cates and the other in which RSA Data Security) 132.94 628 P
0.6 (, Inc.) 515.09 628 P
-0.19 (signs certi\336cates on behalf of the or) 72 608 P
-0.19 (ganization. In either case, the or) 241.84 608 P
-0.19 (ganization is the certifying au-) 394.21 608 P
0.03 (thority) 72 588 P
0.03 (. In either case, these or) 103.21 588 P
0.03 (ganizations must \336rst establish with RSA Data Security) 216.7 588 P
0.03 (, Inc. an ap-) 482.97 588 P
0.57 (propriate pair of keys, called \322or) 72 568 P
0.57 (ganization keys,\323 to sign certi\336cates issued by the or) 230.51 568 P
0.57 (ganization.) 487.04 568 P
-0.01 (Either RSA Data Security) 72 548 P
-0.01 (, Inc. will hold the private key and generate and sign certi\336cates for that) 195.43 548 P
-0.15 (or) 72 528 P
-0.15 (ganization, or the or) 81.78 528 P
-0.15 (ganization will hold the key and use it to generate and sign the certi\336cates it) 177.7 528 P
-0.65 (issues. The method for obtaining a certi\336cate for oneself depends on where the or) 72 508 P
-0.65 (ganization private) 454.38 508 P
(key is held.) 72 488 T
4 F
(4.3.1.1. RSA Data Security) 72 456 T
(, Inc. Holds the Organization\325) 207.59 456 T
(s Private Key) 359.73 456 T
0 F
-0.63 (If RSA Data Security) 108 432 P
-0.63 (, Inc. is to sign a certi\336cate on behalf of the or) 208.26 432 P
-0.63 (ganization, the user must) 421.96 432 P
0.33 (\336rst generate a public key and private key pair \050possibly by using special-purpose software\051, and) 72 412 P
0.22 (include the public key in a certi\336cate.He then constructs a prototype privacy-enhanced electronic) 72 392 P
0.02 (mail message with the certi\336cate signed using his own private key) 72 372 P
0.02 (, and sends this to his or) 389.2 372 P
0.02 (ganiza-) 504.7 372 P
-0.2 (tional notary) 72 352 P
-0.2 (. The or) 131.98 352 P
-0.2 (ganizational notary accepts and validates the information in the electronic let-) 168.99 352 P
1.36 (ter) 72 332 P
1.36 (, and then forwards the electronic message to RSA Data Security) 84.17 332 P
1.36 (, Inc. by privacy-enhanced) 408.38 332 P
0.12 (electronic mail; this letter indicates that the or) 72 312 P
0.12 (ganizational notary vouches for the correctness and) 292.81 312 P
0.22 (integrity of the information, and authorizes RSA Data Security Inc. to sign a certi\336cate on behalf) 72 292 P
(of the or) 72 272 T
(ganization.) 112.42 272 T
0.39 (When RSA Data Security) 108 248 P
0.39 (, Inc. receives the electronic and paper letters and its fee, and is) 231.96 248 P
0.65 (convinced all is in order) 72 228 P
0.65 (, it issues a certi\336cate signed with the private key of the or) 190.02 228 P
0.65 (ganization.) 477.04 228 P
3 F
0.54 (68) 530.01 232.8 P
0 F
(This certi\336cate will be valid for two years, at which point a new certi\336cate must be acquired.) 72 208 T
-0.37 (Not surprisingly) 108 184 P
-0.37 (, the fee required when RSA Data Security) 185.15 184 P
-0.37 (, Inc. signs certi\336cates on behalf) 386.96 184 P
0.5 (of the or) 72 164 P
0.5 (ganization is the most controversial point of the scheme; while the fee seems small, if a) 113.42 164 P
0.38 (computer installation has several thousand users and wishes to obtain certi\336cates for all, the cost) 72 144 P
-0.22 (grows rather quickly) 72 124 P
-0.22 (. Possible solutions include having the users buy their own certi\336cates \050which) 170.03 124 P
0.69 (is reasonable since those who do not can still use regular electronic mail\051, or buying certi\336cates) 72 104 P
(only for those for whom the installation deems them a necessity) 72 84 T
(.) 377.69 84 T
FMENDPAGE
%%EndPage: "27" 28
%%Page: "28" 28
612 792 0 FMBEGINPAGE
72 745.99 540 756 R
7 X
0 K
V
72 32.69 540 42.7 R
V
0 F
0 X
(Page 28 of 44) 473.71 34.7 T
72 72 540 720 R
7 X
V
4 F
0 X
(4.3.1.2. The Organization Holds its Organization Private Key) 72 712 T
0 F
-0.39 (Some or) 108 688 P
-0.39 (ganizations may object to the loss of autonomy entailed by giving their private key) 147.7 688 P
-0.18 (to RSA Data Security) 72 668 P
-0.18 (, Inc., or may \336nd the fee for the certi\336cate generation service not to be cost-) 174.96 668 P
0.3 (ef) 72 648 P
0.3 (fective. An alternate arrangement involves attaching to a workstation \050or other computer\051 a de-) 81.1 648 P
0.11 (vice known as a ) 72 628 P
2 F
0.11 (certi\336cate generation unit) 152.38 628 P
0 F
0.11 (.) 277.19 628 P
3 F
0.09 (69) 280.18 632.8 P
0 F
0.11 ( This tamperproof device is like postage meters but) 290.18 628 P
(issues certi\336cates. Or) 72 608 T
(ganizations using these devices are their own ) 174.04 608 T
2 F
(issuing authority) 393.54 608 T
0 F
(.) 473.73 608 T
-0.23 (Figure 10 summarizes the protocols that the certi\336cate generation unit uses. They were de-) 108 584 P
0.01 (signed with two goals in mind: \336rst, that the issuing authority\325) 72 564 P
0.01 (s \050or) 370.31 564 P
0.01 (ganization\325) 391.75 564 P
0.01 (s\051 private key never) 445.05 564 P
0.22 (be transmitted to anyone; and second, that RSA Data Security) 72 544 P
0.22 (, Inc. be able to control the number) 370.29 544 P
-0.03 (of certi\336cates issued \050for royalty purposes\051. T) 72 524 P
-0.03 (o ensure these two goals, the messages sent over the) 289.8 524 P
0.48 (communications channel between the certi\336cate generation unit and RSA Data Security) 72 504 P
0.48 (, Inc. are) 497.08 504 P
0.22 (authenticated \050so they cannot be altered in transit\051 but not encrypted \050so the issuing authority can) 72 484 P
0.35 (be convinced that the certi\336cate generation unit is not sending the issuing authority\325) 72 464 P
0.35 (s private key) 478 464 P
-0.43 (to RSA Data Security) 72 444 P
-0.43 (, Inc.\051; hence, this channel is called the ) 174.22 444 P
2 F
-0.43 (authenticated channel) 360.34 444 P
0 F
-0.43 (. T) 466.17 444 P
-0.43 (o prevent the) 478.23 444 P
1.28 (issuing authority private key from having to be entered manually or downloaded from another) 72 424 P
0.23 (computer \050doing either would ensure the key would be written down or stored in a memory from) 72 404 P
0.37 (which it could be read\051, it is encrypted and stored on a removable key storage device that can be) 72 384 P
-0.02 (inserted \050and removed\051 from the generation unit. When the key is stored, it passes over a commu-) 72 364 P
72 72 540 720 C
72 72 540 342 C
72 72 540 342 R
7 X
0 K
V
360 198 387 234 13.5 RR
V
0.5 H
2 Z
0 X
N
105 237 177 289.61 R
7 X
V
0 Z
0 X
N
1 F
(CGU) 123 263.2 T
(RSA Data Security) 329.61 320.95 T
(, Inc.) 474.52 320.95 T
(local organization) 366.57 284.95 T
177 272.07 324 324 2 L
3 H
2 Z
N
177 245.77 321 219.47 2 L
N
0 F
(authenticated) 207 324.82 T
(channel) 208 311.18 T
231 287.57 242.99 288 233.05 281.28 232.03 284.42 4 Y
V
189 270.46 232.99 284.73 2 L
1 H
N
(IA public key) 222.05 270.82 T
281.94 298.6 269.99 297.46 279.52 304.76 280.73 301.68 4 Y
V
315 315 279.81 301.31 2 L
N
(IA certi\336cate,) 297 297.82 T
(authorization) 297 286.13 T
(secure) 188.37 228.96 T
(channel) 188 215.32 T
229.15 248.13 239.99 243 228.08 241.6 228.61 244.87 4 Y
V
186 251.77 229.6 244.7 2 L
0.5 H
N
(IA private key) 222 251.37 T
(IA secret key) 323.06 180.82 T
320.13 225 378 238 R
N
(IA private key) 443.61 186.6 T
(doubly encrypted) 441 173.6 T
72 74 537 160 R
7 X
V
0 X
0.72 (Figure 10. Protocols for the certi\336cate generation unit. The CGU exchanges public information) 72 152 P
-0.3 (about the issuing authority with RSA Data Security) 72 138 P
-0.3 (, Inc., using a channel on which authentication) 315.95 138 P
0.89 (only is done. The issuing authority\325) 72 124 P
0.89 (s private key is encrypted using a symmetric cryptosystem,) 246.38 124 P
-0.09 (once with the CGU\325) 72 110 P
-0.09 (s secret key and then with the IA) 168.01 110 P
-0.09 (\325) 323.63 110 P
-0.09 (s secret key) 326.96 110 P
-0.09 (, which is stored on a removable) 381.96 110 P
0.45 (key storage device. The doubly-encrypted private key is then stored on a second removable key) 72 96 P
(storage device. Both must be inserted into the CGU before any certi\336cates may be signed.) 72 82 T
360 225 351 216 342 225 333 216 324 225 333 225 6 L
N
7 X
90 450 13.5 13.5 373.5 229.5 G
0 X
90 450 13.5 13.5 373.5 229.5 A
1 F
( \050key storage devices\051) 351 266.95 T
396 216 432 216 2 L
3 H
N
480.87 198 507.87 234 13.5 RR
7 X
V
0.5 H
0 X
N
441 225 498.87 238 R
N
480.87 225 471.87 216 462.87 225 453.87 216 444.87 225 453.87 225 6 L
N
7 X
90 450 13.5 13.5 494.37 229.5 G
0 X
90 450 13.5 13.5 494.37 229.5 A
72 72 540 720 C
0 0 612 792 C
FMENDPAGE
%%EndPage: "28" 29
%%Page: "29" 29
612 792 0 FMBEGINPAGE
72 745.99 540 756 R
7 X
0 K
V
72 32.69 540 42.7 R
V
0 F
0 X
(Page 29 of 44) 473.71 34.7 T
72 72 540 720 R
7 X
V
0 X
0.1 (nications channel secured by symmetric cryptography \050and called the ) 72 712 P
2 F
0.1 (secur) 408.34 712 P
0.1 (e channel) 433.88 712 P
0 F
0.1 (\051; associated) 480.28 712 P
0.13 (with the unit is the certi\336cate generation unit secret key) 72 692 P
0.13 (, used to encrypt the issuing authority pri-) 338.54 692 P
-0.07 (vate key before it is stored on the removable key storage device. Note that this binds the device to) 72 672 P
0.47 (the particular unit. Physical security practises dictate that this information be protected in such a) 72 652 P
-0.4 (way that the loss of the removable key storage device will not compromise the or) 72 632 P
-0.4 (ganization, so be-) 455.87 632 P
-0.69 (fore being stored on the device, the encrypted issuing authority private key is again encrypted using) 72 612 P
-0.41 (a secret key associated with the issuing authority) 72 592 P
-0.41 (. This key is also stored on another removable key) 302.52 592 P
(storage device. Note that both removble key storage devices must physicallky be inserted into the) 72 572 T
0.19 (certi\336cate generation unit before any certi\336cates may be signed, and the device containing the is-) 72 552 P
(suing authority\325) 72 532 T
(s private key must be present when each certi\336cate is generated.) 147.63 532 T
0.4 (When an or) 108 508 P
0.4 (ganization buys a certi\336cate generation unit, the meter comes with the) 164.53 508 P
2 F
0.4 ( certi\336-) 504.63 508 P
-0.59 (cate generation unit private key) 72 488 P
0 F
-0.59 ( \050used for the authenticated channel\051, the) 222.2 488 P
2 F
-0.59 ( certi\336cate generation unit) 414.18 488 P
-0.55 (secr) 72 468 P
-0.55 (et key) 91.54 468 P
0 F
-0.55 ( \050used for the secure channel\051, and RSA Data Security) 118.62 468 P
-0.55 (, Inc.\325) 372.73 468 P
-0.55 (s public key stored in tamper-) 399.83 468 P
-0.07 (proof memory) 72 448 P
-0.07 (. The or) 140.1 448 P
-0.07 (ganization must now generate an ) 177.37 448 P
2 F
-0.07 (issuing authority private key) 337.9 448 P
0 F
-0.07 ( and the asso-) 474.6 448 P
0.22 (ciated public key) 72 428 P
0.22 (. First, the unit generates an ) 153.59 428 P
2 F
0.22 (issuing authority secr) 290.8 428 P
0.22 (et key) 394.73 428 P
0 F
0.22 ( \050for the secure channel\051) 422.58 428 P
-0.3 (and saves it on one removable key storage device. It then generates an RSA key pair \050to be used as) 72 408 P
0.07 (the issuing authority private and public keys\051, signs the new public key with the certi\336cate gener-) 72 388 P
-0.24 (ation unit private key) 72 368 P
-0.24 (, and returns the result to the workstation it is attached to. It then encrypts the) 172.78 368 P
-0.15 (new private key with the certi\336cate generation unit secret key and the issuing authority secret key) 72 348 P
-0.15 (,) 537 348 P
0.71 (and stores the result on a second removable key storage device. The or) 72 328 P
0.71 (ganization can verify the) 418.98 328 P
0.31 (meter generated the issuing authority\325) 72 308 P
0.31 (s key pair by using the generation unit\325) 254.44 308 P
0.31 (s public key to vali-) 443.49 308 P
0.39 (date the issuing authority\325) 72 288 P
0.39 (s public key\051, and at no time does the or) 197.42 288 P
0.39 (ganization itself \050or RSA Data) 392.55 288 P
-0.02 (Security) 72 268 P
-0.02 (, Inc.\051 have access to its issuing authority private key except through using the removable) 111.19 268 P
(key storage devices. This prevents anyone from issuing certi\336cates without proper authorization.) 72 248 T
0.12 (That authorization is provided both by the or) 108 224 P
0.12 (ganization, upon insertion of both removable) 323.52 224 P
0.02 (key storage devices into the certi\336cate meter) 72 204 P
0.02 (, and by RSA Data Security) 285.45 204 P
0.02 (, Inc., which sends the is-) 418 204 P
-0.64 (suing authority an authorization message good for some limited number) 72 184 P
3 F
-0.53 (70) 411.68 188.8 P
0 F
-0.64 ( of certi\336cates. These au-) 421.67 184 P
1.15 (thorization messages are transmitted to the certi\336cate generation unit as they arrive. T) 72 164 P
1.15 (o issue a) 496.38 164 P
0.46 (certi\336cate, the or) 72 144 P
0.46 (ganization \336rst ensures the unsigned certi\336cate resides on the attached worksta-) 153.64 144 P
-0.66 (tion. The issing authority private key is supplied by inserting the key storage devices into the meter) 72 124 P
-0.66 (,) 537 124 P
0.43 (which then decrypts the private key) 72 104 P
0.43 (. Then for each user) 244.26 104 P
0.43 (, the issuing authority sends the meter an) 341.09 104 P
-0.05 (unsigned certi\336cate; the meter checks that the serial number of the certi\336cate sequentially follows) 72 84 P
FMENDPAGE
%%EndPage: "29" 30
%%Page: "30" 30
612 792 0 FMBEGINPAGE
72 745.99 540 756 R
7 X
0 K
V
72 32.69 540 42.7 R
V
0 F
0 X
(Page 30 of 44) 473.71 34.7 T
72 72 540 720 R
7 X
V
0 X
0.29 (the serial number of the previous certi\336cate, that the certi\336cate is in the correct ASN.1 encoding,) 72 712 P
-0.41 (that the subject belongs to the or) 72 692 P
-0.41 (ganization issuing the certi\336cate, and that the Distinguished Name) 225.2 692 P
-0.44 (of the or) 72 672 P
-0.44 (ganization is the same as in the authorization message; if all these conditions hold, the unit) 111.54 672 P
-0.43 (will sign the certi\336cate with the or) 72 652 P
-0.43 (ganization private key and return the result to the issuing author-) 233.8 652 P
(ity) 72 632 T
(.) 83.89 632 T
-0.53 (In addition to char) 108 608 P
-0.53 (ging for the certi\336cate meter) 194.46 608 P
-0.53 (, RSA Data Security) 328.41 608 P
-0.53 (, Inc. will char) 423.97 608 P
-0.53 (ge a much) 491.77 608 P
0.39 (smaller royalty per certi\336cate than if RSA Data Security) 72 588 P
0.39 (, Inc. generated the certi\336cate itself. The) 344.15 588 P
0.82 (reason for the dif) 72 568 P
0.82 (ference in cost lies in the administrative overhead for RSA Data Security) 156.52 568 P
0.82 (, Inc.) 514.87 568 P
-0.16 (W) 72 548 P
-0.16 (ith the certi\336cate generation unit, that or) 82.84 548 P
-0.16 (ganization need only supply the software and box once.) 274.51 548 P
0.36 (However) 72 528 P
0.36 (, if RSA Data Security Inc. manages an or) 115.48 528 P
0.36 (ganization\325) 320.02 528 P
0.36 (s private key and generates certi\336-) 373.32 528 P
-0.15 (cates on behalf of that or) 72 508 P
-0.15 (ganization, it will have overhead of extra personnel and equipment to run) 189.93 508 P
1.31 (the software and to provide adequate management and protection for those keys and software.) 72 488 P
0.45 (Hence the expense of having RSA Data Security) 72 468 P
0.45 (, Inc. create the certi\336cates is greater than using) 307.89 468 P
(the certi\336cate generation unit.) 72 448 T
4 F
(5. Implementation Requir) 72 416 T
(ements) 204.71 416 T
6 F
(71) 240.68 420.8 T
0 F
-0.12 (Although the privacy-enhanced electronic mail proposals do not mandate details of imple-) 108 392 P
-0.17 (mentation of the protocols, they do place certain constraints on what conforming implementations) 72 372 P
0.03 (must do. The two most important restrictions are upon the processing of nested privacy-enhanced) 72 352 P
(messages and error handling.) 72 332 T
-0.24 (The proposals require conforming implementations to handle both recursively nested mes-) 108 308 P
0.41 (sages and serially nested messages; so, for example, a privacy-enhanced message may be placed) 72 288 P
0.15 (in the body of a second message and forwarded, and that message may itself be put into the body) 72 268 P
0.34 (of a third message and forwarded, and so on. Similarly) 72 248 P
0.34 (, a set of privacy-enhanced messages may) 337.11 248 P
0.74 (be placed one after the other inside the body of a privacy-enhanced message. Precisely how the) 72 228 P
-0.4 (implementation handles such cases is up to the implementor) 72 208 P
-0.4 (, and one conformant prototype imple-) 356.8 208 P
-0.23 (mentation simply requires the user to run a text editor on the message to extract each enclosed pri-) 72 188 P
-0.04 (vacy-enhanced message and store it in its own \336le; each \336le may then be checked \050and decrypted,) 72 168 P
0.29 (if necessary\051. But some mechanism for doing this must be available and usable with the privacy-) 72 148 P
(enhanced user agent.) 72 128 T
1.61 (More interesting are the requirements for handling errors. Syntax errors in privacy-en-) 108 104 P
-0.59 (hanced messages should be \337agged, as should messages which yeild an incorrect message integrity) 72 84 P
FMENDPAGE
%%EndPage: "30" 31
%%Page: "31" 31
612 792 0 FMBEGINPAGE
72 745.99 540 756 R
7 X
0 K
V
72 32.69 540 42.7 R
V
0 F
0 X
(Page 31 of 44) 473.71 34.7 T
72 72 540 720 R
7 X
V
0 X
-0.25 (checksum. If the message is not of the type ) 72 712 P
5 F
-0.59 (MIC-CLEAR) 279.63 712 P
0 F
-0.25 (, the latter case raises a very serious user) 344.39 712 P
-0.08 (interface issue: should the user be shown a message which may be useful even in its altered state?) 72 692 P
-0.27 (For example, if a character was deleted due to network transmission problems, the rest of the mes-) 72 672 P
0.4 (sage may givew the user enough indications to be able to reconstruct the sender and contact him) 72 652 P
0.09 (for more information. On the other hand, if the entire message is for) 72 632 P
0.09 (ged, the user can place no re-) 399.27 632 P
0.11 (liance on it at all. The privacy-enhanced mail proposal strikes a balance between not showing the) 72 612 P
-0.67 (letter at all and showing the letter with a warning that the user may ignore \050or not notice\051: it requires) 72 592 P
-0.4 (that the user be informed of the error and ) 72 572 P
2 F
-0.4 (then) 268.56 572 P
0 F
-0.4 ( be forced to ask that the relevant message be shown.) 289.21 572 P
-0.47 (This positive indication is the best technique to ensure the user is aware of the problem and accepts) 72 552 P
(the risks of reading the message \050and acting on it, if he does\051.) 72 532 T
-0.43 (In any case, a user agent conforming to the requirements of the privacy-enhanced mail pro-) 108 508 P
0.04 (tocols must display the full distinguished name of the sender; if the message is encrypted, the full) 72 488 P
-0.51 (distinguished name of each recipient must also be shown. Further) 72 468 P
-0.51 (, if any certi\336cation path involves) 381.35 468 P
1.11 (cross-certi\336cation of top-level certifying authorities, this must be made apparent to the user) 72 448 P
1.11 (, as) 522.9 448 P
(must the use of any persona certi\336cates. The precise mechanism is up to the implementor) 72 428 T
(.) 499.37 428 T
-0.68 (Finally) 108 404 P
-0.68 (, an error may occur because a privacy-enhanced letter is mis-addressed. In this case,) 141.21 404 P
0.38 (most message transport agents will return the letter to the originator) 72 384 P
0.38 (. However) 400.29 384 P
0.38 (, if the letter is en-) 450.15 384 P
-0.46 (crypted, the sender could not read the contents, because he has none of the recipients\325 private keys.) 72 364 P
-0.25 (So, in order to enable the sender to process any encrypted message which is returned as undeliver-) 72 344 P
1.31 (able, all privacy-enhanced mail implementations must allow the sender to insert a ) 72 324 P
5 F
3.14 (Key-Info) 482.43 324 P
0 F
0.63 (header \336eld after the ) 72 304 P
5 F
1.5 (Originator-ID) 176.41 304 P
0 F
0.63 ( header \336eld. This line may then be used to decrypt the) 269.96 304 P
(message should it be returned.) 72 284 T
4 F
(6. A Symmetric Key Distribution Mechanism) 72 252 T
0 F
-0.52 (Although the privacy-enhanced mail proposal recommends interchange keys be distributed) 108 228 P
1.08 (using certi\336cates, alternate key distribution methods may be used with it. In particular) 72 208 P
1.08 (, given a) 496.87 208 P
(trusted third party \050server\051, symmetric cryptography may be used.) 72 188 T
1.54 (The simplest such con\336guration [31] works by having each user establish a secret key) 108 164 P
0.67 (known only to her and to the key distribution center) 72 144 P
0.67 (. When one user wishes to send privacy-en-) 326.17 144 P
-0.22 (hanced electronic mail to another) 72 124 P
-0.22 (, the sender obtains a data exchange key) 230.49 124 P
-0.22 (, encrypts the message in) 420.65 124 P
-0.25 (the normal manner) 72 104 P
-0.25 (, then encrypts the data exchange key and message integrity check using her in-) 161.61 104 P
0.28 (terchange key) 72 84 P
0.28 (, and transmits them to the trusted server) 138.43 84 P
0.28 (. The server decrypts the two and encrypts) 334.9 84 P
FMENDPAGE
%%EndPage: "31" 32
%%Page: "32" 32
612 792 0 FMBEGINPAGE
72 745.99 540 756 R
7 X
0 K
V
72 32.69 540 42.7 R
V
0 F
0 X
(Page 32 of 44) 473.71 34.7 T
72 72 540 720 R
7 X
V
0 X
-0.47 (them using its own key) 72 712 P
-0.47 (, along with the sender) 180.59 712 P
-0.47 (\325) 288.06 712 P
-0.47 (s identity) 291.4 712 P
-0.47 (. These are returned to the sender) 334.46 712 P
-0.47 (, who then) 490.65 712 P
0.42 (inserts them into her message and sends the message. The recipient relays the information in the) 72 692 P
5 F
-0.96 (Key-Info) 72 672 P
0 F
-0.4 ( and ) 129.57 672 P
5 F
-0.96 (Sender) 152.08 672 P
0 F
-0.4 ( \336elds to the trusted server) 195.26 672 P
-0.4 (, which decrypts the contents using its key and) 319.69 672 P
0.39 (then encrypts them using the recipient\325) 72 652 P
0.39 (s interchange key) 260.16 652 P
0.39 (. When the recipient gets the result from) 344.08 652 P
(the server) 72 632 T
(, he can decrypt the message in the usual way) 118.47 632 T
(.) 336.19 632 T
0.18 (The main problem with this scheme is that, in addition to trusting the user agents, the key) 108 608 P
0.23 (distribution center must also be trusted; if it is not, the scheme is worthless. Since the proposal is) 72 588 P
-0.37 (intended as an Internet standard, it cannot realistically expect an entity on the internet to trust serv-) 72 568 P
-0.36 (ers ) 72 548 P
2 F
-0.36 (not) 88.63 548 P
0 F
-0.36 ( under its control. Hence, the key distribution proposal in support of privacy-enhanced elec-) 103.95 548 P
-0.23 (tronic mail uses a public key cryptosystem and a mechanism that does not require trusting a single) 72 528 P
(host.) 72 508 T
-0.49 (Notice that trusting a certifying authority and trusting a server of the sort described here are) 108 484 P
-0.74 (very dif) 72 464 P
-0.74 (ferent. If the server is compromised, any of its subscribers can be impersonated and existing) 108.68 464 P
-0.24 (privacy-enhanced electronic letters read, as well as all letters sent after the compromise. However) 72 444 P
-0.24 (,) 537 444 P
-0.12 (if a certifying authority is compromised \050by someone obtaining the secret keys it signs certi\336cates) 72 424 P
0.75 (with\051 the only damage is that new certi\336cates can be for) 72 404 P
0.75 (ged, users impersonated, and electronic) 347.8 404 P
0.31 (mail sent using those certi\336cates can be read; electronic mail sent with certi\336cates existing at the) 72 384 P
0.08 (time of compromise is still protected, as are all letters sent before the compromise. In short, com-) 72 364 P
-0.12 (promising a trusted server compromises everything; compromising a certifying authority does not) 72 344 P
(compromise previously sent messages.) 72 324 T
-0.2 (A second problem with trusted servers springs from the use of multiple servers in dif) 108 300 P
-0.2 (ferent) 512.03 300 P
-0.23 (domains introduces latencies in negotiating exchange keys. If someone at Dartmouth were to send) 72 280 P
-0.04 (a letter to someone at Purdue, the Dartmouth and Purdue servers would have to coordinate the se-) 72 260 P
0.04 (lection of the interchange key) 72 240 P
0.04 (. This would have to be done in a very timely fashion to prevent de-) 213.95 240 P
0.01 (lays in the message transmission; this suggests replication of data on dif) 72 220 P
0.01 (ferent servers, once again) 417.41 220 P
0.65 (raising the issue of trusting a server not under local control. The alternative is to accept that en-) 72 200 P
(crypted mail might be delayed due to reasons beyond the control of the message transport agents.) 72 180 T
0.76 (W) 108 156 P
0.76 (e should also note that this server does more than provide an authentication service) 118.36 156 P
0.76 (: it) 526.24 156 P
-0.58 (provides a ) 72 136 P
2 F
-0.58 (digital signatur) 123.47 136 P
-0.58 (e service) 196.76 136 P
0 F
-0.58 (. An authentication service con\336rms the identity of the user) 238.47 136 P
-0.58 (, and) 517.26 136 P
0.96 (may provide credentials attesting to the authentication. However) 72 116 P
0.96 (, a digital signature service not) 387.99 116 P
-0.2 (only authenticates the user but also binds the user) 72 96 P
-0.2 (\325) 308.72 96 P
-0.2 (s identity to the message being sent. An authen-) 312.05 96 P
FMENDPAGE
%%EndPage: "32" 33
%%Page: "33" 33
612 792 0 FMBEGINPAGE
72 745.99 540 756 R
7 X
0 K
V
72 32.69 540 42.7 R
V
0 F
0 X
(Page 33 of 44) 473.71 34.7 T
72 72 540 720 R
7 X
V
0 X
-0.06 (tication tool would therefore be quite unsuitable for this scheme; in particular) 72 712 P
-0.06 (, the functionality of) 442.25 712 P
(the authentication server ) 72 692 T
2 F
(Kerber) 192.91 692 T
(os) 226.44 692 T
0 F
( ) 237.1 692 T
([38]) 240.1 692 T
( would need to be radically expanded to make it suitable.) 260.08 692 T
4 F
(7. Mailing Lists and Forwarding Messages) 72 660 T
0 F
-0.63 (Privacy-enhanced electronic mail can be forwarded, but if asymmetric interchange keys are) 108 636 P
0 (used there is a subtlety) 72 616 P
0 (. If the message is of type ) 180.49 616 P
5 F
0 (MIC-ONLY) 306.41 616 P
0 F
0 ( or ) 363.98 616 P
5 F
0 (MIC-CLEAR) 379.97 616 P
0 F
0 (, the message integ-) 444.73 616 P
0.58 (rity checksum in the ) 72 596 P
5 F
1.4 (MIC-Info) 174.94 596 P
0 F
0.58 ( header \336eld is decrypted using the sender) 232.51 596 P
0.58 (\325) 438.55 596 P
0.58 (s public component,) 441.89 596 P
0 (and re-encrypted using the recipient\325) 72 576 P
0 (s private component; the message may then be forwarded; as) 247.87 576 P
-0.21 (an alternative, it can simply be placed within the body of another privacy-enhanced mail message.) 72 556 P
0.43 (If the message is of type ) 72 536 P
5 F
1.04 (ENCRYPT) 194.51 536 P
0 F
0.43 (, the recipient decrypts the data encryption key) 244 536 P
0.43 (, uses that key) 470.74 536 P
1.13 (and the originator) 72 516 P
1.13 (\325) 159.97 516 P
1.13 (s public component to decrypt the message integrity checksum, encrypts the) 163.31 516 P
-0.42 (message integrity checksum using his private component and the data encryption key) 72 496 P
-0.42 (, and then en-) 475.98 496 P
-0.04 (crypts the data encryption key using the public component of the party to whom the message is to) 72 476 P
-0.2 (be forwarded. Note that in this case the message cannot simply be enclosed in another privacy-en-) 72 456 P
(hanced message, as the decryption requires the private key of the forwarder) 72 436 T
(.) 433.7 436 T
0.4 (If symmetric interchange keys are used, the procedure is similar) 108 412 P
0.4 (, except that the transfor-) 418.18 412 P
-0.47 (mations involve agreed-upon secret keys, and in neither case can the message be forwarded simply) 72 392 P
(by enclosing it in another privacy-enhanced mail message.) 72 372 T
0.9 (Sending a privacy-enhanced message to multiple recipients is straightforward and needs) 108 348 P
-0.2 (not be elaborated upon. However) 72 328 P
-0.2 (, the case when those multiple recipients are part of a mailing list) 230.26 328 P
(\050in which a letter sent to a single address is ) 72 308 T
2 F
(exploded) 281.19 308 T
0 F
( or forwarded to multiple recipients\051 does.) 324.48 308 T
-0.14 (In some cases, the membership of a mailing list may not be known or available to a sender) 108 284 P
0.16 (for a variety of reasons. The host on which the alias is exploded may not be willing to reveal that) 72 264 P
0.3 (information. The mailing list may itself contain mailing lists \050for example, the mailing list ) 72 244 P
2 F
0.3 (csnet-) 511.36 244 P
0.12 (forum@r) 72 224 P
0.12 (elay) 115.91 224 P
0.12 (.cs.net) 135.23 224 P
0 F
0.12 ( has as an address ) 165.87 224 P
2 F
0.12 (csnet-forum@dartmouth.edu) 254.73 224 P
0 F
0.12 (, which is itself a mailing list\051.) 393.35 224 P
-0.18 (In this case there must be an interchange key associated with the list; then all letters sent to the list) 72 204 P
(are simply forwarded to each member of the list as described above.) 72 184 T
3 F
(72) 399.07 188.8 T
0 F
0.41 ( If the sender can determine the membership of the mailing list, then a separate list inter-) 108 160 P
0.09 (change key is unnecessary; the sender can simply insert the destinations into the letter using mul-) 72 140 P
0.61 (tiple ) 72 120 P
5 F
1.46 (Recipient-ID) 96.93 120 P
0 F
0.61 ( and ) 183.28 120 P
5 F
1.46 (Key-Info) 207.82 120 P
0 F
0.61 ( \336elds. The message would be encrypted using the same) 265.38 120 P
-0.43 (data exchange key for all recipients and hence the encryption and integrity check need be done just) 72 100 P
FMENDPAGE
%%EndPage: "33" 34
%%Page: "34" 34
612 792 0 FMBEGINPAGE
72 745.99 540 756 R
7 X
0 K
V
72 32.69 540 42.7 R
V
0 F
0 X
(Page 34 of 44) 473.71 34.7 T
72 72 540 720 R
7 X
V
0 X
-0.06 (once; however) 72 712 P
-0.06 (, the information in each ) 141.73 712 P
5 F
-0.14 (Key-Info) 262.01 712 P
0 F
-0.06 ( \336eld would be encrypted using the associated) 319.58 712 P
(recipient\325) 72 692 T
(s public key) 117.3 692 T
(.) 174.48 692 T
0.42 (If the certi\336cate-based key distribution mechanism described above is used and the inter-) 108 668 P
-0.33 (change keys are RSA keys with public exponent 3, note that even though there is a single recipient) 72 648 P
-0.15 (address there are multiple recipients. Hence the data exchange key should be padded with a 64-bit) 72 628 P
(pseudorandom quantity) 72 608 T
(, as discussed above.) 184.15 608 T
4 F
(8. Conclusion) 72 576 T
0 F
1.69 (The above two protocols satisfy the constraints and recommendations presented in the) 108 552 P
0.21 (background section. Encapsulating the privacy-enhanced message renders it invisible to the mes-) 72 532 P
-0.38 (sage transport agents, so no transport-level protocols need to be changed; the message may be pro-) 72 512 P
1.82 (cessed by a special program and then included in the body of a conventional electronic mail) 72 492 P
0.56 (message, so only that part of the user agent providing the privacy enhancements need be trusted) 72 472 P
0.42 (with special security information, and conventional \050non-enhanced\051 electronic mail is unaf) 72 452 P
0.42 (fected) 510.7 452 P
-0.14 (by the presence \050or absence\051 of these enhancements. Integrity and authenticity are assured so long) 72 432 P
-0.67 (as the interchange keys are not compromised, and if the message is encrypted it will also be private.) 72 412 P
0.2 (Finally) 72 392 P
0.2 (, since the protocol for privacy-enhanced mail allows the use of any key management sys-) 105.21 392 P
(tem, it is \337exible enough to be used in a multitude of environments.) 72 372 T
1.4 (All this suggests an obvious architecture for implementing privacy-enhanced electronic) 108 348 P
-0.27 (mail. A special program to enhance messages runs above the user agent, taking as input a message) 72 328 P
-0.02 (and producing as output the transformed result. The user then includes this in a conventional mail) 72 308 P
-0.52 (message using any user agent desired. The recipient reverses the process by extracting the message) 72 288 P
-0.49 (from his mail message using his user agent, and then passing the encapsulated part to a second pro-) 72 268 P
-0.23 (gram which reverses the transformation and produces a local representation of the initial message.) 72 248 P
0.51 (The advent of personal computers and workstations has led many facilities to use central) 108 224 P
-0.17 (servers as mail hosts, so users can download their messages from their platform to the central host) 72 204 P
0.61 (for transmission [12]. The above architecture \336ts into this scheme nicely; the privacy-enhancing) 72 184 P
-0.07 (software need reside only on the user) 72 164 P
-0.07 (\325) 250.54 164 P
-0.07 (s platform. This was no small consideration in the design of) 253.88 164 P
(the protocol.) 72 144 T
0.18 (Both the X.41) 108 120 P
0.18 (1 Recommendation and MSP were designed for dif) 175.54 120 P
0.18 (ferent requirements, and) 422.74 120 P
-0.19 (do not satisfy the same constraints as the privacy-enhanced mail protocols. Speci\336cally) 72 100 P
-0.19 (, the X.41) 487.52 100 P
-0.19 (1) 534 100 P
-0.2 (Recommendation requires each message transport agent to be able to parse the headers containing) 72 80 P
FMENDPAGE
%%EndPage: "34" 35
%%Page: "35" 35
612 792 0 FMBEGINPAGE
72 745.99 540 756 R
7 X
0 K
V
72 32.69 540 42.7 R
V
0 F
0 X
(Page 35 of 44) 473.71 34.7 T
72 72 540 720 R
7 X
V
0 X
0.28 (the security parameters; this would require altering existing message transport agents. By way of) 72 712 P
-0.26 (contrast, the Message Security Protocol is similar to privacy-enhanced mail, except that it uses the) 72 692 P
(X.400 protocols rather than SMTP as its basis. [21]) 72 672 T
-0.69 (The reasons for selecting a patented cryptosystem as the public key cryptosystem to be used) 108 648 P
0.36 (in the privacy-enhanced mail protocol have been explained in section 4.3. It is perfectly possible) 72 628 P
0.32 (to use some other public key cryptosystem \050or cryptosystems\051 to generate keys; however) 72 608 P
0.32 (, factors) 501.05 608 P
0.63 (such as ciphertext expansion \050if the size of the interchange key or the size of the encrypted data) 72 588 P
0.78 (encryption key becomes several thousand bits, the overhead would become prohibitive\051 and the) 72 568 P
-0.23 (need for software may constrain this option. Further) 72 548 P
-0.23 (, if only one public key system is used, it must) 319.74 548 P
-0.01 (provide both authentication and privacy) 72 528 P
-0.01 (, and if more than one system is used \050for example, one to) 262.36 528 P
0.83 (provide secrecy and another to provide authenticity\051, then the key distribution and management) 72 508 P
(scheme must manage two sets of keys per user) 72 488 T
(.) 295.17 488 T
-0.03 (W) 108 464 P
-0.03 (e must emphasize that the privacy-enhanced electronic mail protocol and the certi\336cate-) 118.36 464 P
-0.38 (based key management protocol are distinct; one is free to adopt the \336rst without using the second.) 72 444 P
0.08 (Indeed, [26] speci\336cally describes protocols to be used with key management schemes other than) 72 424 P
1.17 (certi\336cate-based schemes, and states that \322the message processing procedures can also be used) 72 404 P
-0.21 (with symmetric key management.\323) 72 384 P
3 F
-0.18 (73) 239.24 388.8 P
0 F
-0.21 ( Or) 249.24 384 P
-0.21 (ganizations that decide not to use the public key approach) 264.46 384 P
0.52 (may substitute their own key management scheme; however) 72 364 P
0.52 (, to be compatible with other imple-) 364.64 364 P
-0.73 (mentations, all implementations of privacy-enhanced electronic mail should support the certi\336cate-) 72 344 P
0.83 (based approach.) 72 324 P
3 F
0.7 (74) 150.1 328.8 P
0 F
0.83 ( This also means that the certi\336cate-based key management protocols may be) 160.09 324 P
0.22 (used in contexts other than privacy-enhanced mail [4]; since its infrastructure is similar to that of) 72 304 P
(X.400, it can be used to transition to that, and related, standards.) 72 284 T
0.48 (More research in cryptography would aid in the maturation of this proposal. Speci\336cally) 108 260 P
0.48 (,) 537 260 P
-0.18 (one-way hash functions such as RSA-MD2 that can be used to compute a message integrity check) 72 240 P
0.18 (are very few; more are needed. A public key cryptosystem as strong as RSA would allow the use) 72 220 P
-0.28 (of interchange keys not encumbered by licensing. If such a cryptosystem could be implemented as) 72 200 P
(ef) 72 180 T
(\336ciently as the DES, it could be used to encrypt the message as well.) 81.1 180 T
0.51 (Finally) 108 156 P
0.51 (, this proposal does not address issues in network and system security) 141.21 156 P
0.51 (, such as the) 479.84 156 P
0.31 (development of trusted software, routing controls, replays, and access controls. While all are im-) 72 136 P
(portant to the sending of electronic mail, they have much wider applications, and provide a fertile) 72 116 T
(\336eld for research and development.) 72 96 T
FMENDPAGE
%%EndPage: "35" 36
1 12 /Times-BoldItalic FMDEFINEFONT
%%Page: "36" 36
612 792 0 FMBEGINPAGE
72 745.99 540 756 R
7 X
0 K
V
72 32.69 540 42.7 R
V
0 F
0 X
(Page 36 of 44) 473.71 34.7 T
72 72 540 720 R
7 X
V
1 F
0 X
-0.29 (Acknowledgments. ) 72 712 P
0 F
-0.29 (This paper presents a set of protocols developed during a series of meetings of) 167.67 712 P
-0.12 (the IAB\325) 72 692 P
-0.12 (s Privacy and Security Research Group, and stated in a series of RFCs. Thanks are due to) 113.52 692 P
-0.61 (David Balenson, Curt Barker) 72 672 P
-0.61 (, Jim Bidzos, Danny Cohen, T) 209.6 672 P
-0.61 (om Daniel, Charles Fox, Morrie Gasser) 350.98 672 P
-0.61 (,) 537 672 P
0.27 (Stephen Kent, John Laws, John Linn, Steve Lipner) 72 652 P
0.27 (, Ralph Merkle, Dan Nessett, Mike Padlipsky) 317.94 652 P
0.27 (,) 537 652 P
-0.07 (Ken Rossen, Rob Shirey) 72 632 P
-0.07 (, Miles Smid, Dave Solo, Steve W) 188.93 632 P
-0.07 (alker) 352.45 632 P
-0.07 (, and Steve W) 375.94 632 P
-0.07 (ilbur) 442.53 632 P
-0.07 (. Special thanks) 464.53 632 P
-0.08 (to Burton Kaliski, Jr) 72 612 P
-0.08 (., of RSA Data Security) 169.05 612 P
-0.08 (, Inc., for information on how RSA Data Security Inc.) 281.89 612 P
-0.04 (would be handling the certi\336cation process, and to him, Ken Rossen, and Dave Solo on the certif-) 72 592 P
-0.05 (icate postage meters, and to David Balenson for generating the sample message for symmetric in-) 72 572 P
0.25 (terchange keys. Also, thanks to David Balenson, Donald Johnson, Burton Kaliski, Jr) 72 552 P
0.25 (., John Linn,) 479.19 552 P
-0.62 (Evi Nemeth, Dan Nessett, and J. Shallit, for their constructive comments on an earlier draft, to Joan) 72 532 P
0.05 (Feigenbaum of A) 72 512 P
0.05 (T&T Bell Laboratories for encouraging me to write this paper) 154.72 512 P
0.05 (, and to the partic-) 452.18 512 P
1.27 (ipants at the DIMACS W) 72 492 P
1.27 (orkshop on Distributed Computing and Cryptography) 198.06 492 P
1.27 (, without whose) 461.16 492 P
0.44 (probing questions \050and spirited discussion\051 many of the parts of this paper would be a good deal) 72 472 P
(less complete and more confusing.) 72 452 T
4 F
(Refer) 72 420 T
(ences) 100.41 420 T
0 F
([1]) 72 396 T
-0.66 (S. Akl, \322On the Security of Compressed Encodings,\323 ) 108 396 P
2 F
-0.66 (Advances in Cryptology: Pr) 360.22 396 P
-0.66 (oceedings) 492.04 396 P
(of Crypto 83) 108 376 T
0 F
(, Plenum Press, New Y) 168.64 376 T
(ork, NY \0501984\051 pp. 209-230.) 278.7 376 T
([2]) 72 352 T
1.25 (ANSI X9.17-1985, ) 108 352 P
2 F
1.25 (American National Standar) 205.11 352 P
1.25 (d) 339.77 352 P
0 F
1.25 ( ) 345.77 352 P
2 F
1.25 (Financial Institution Key Management) 350.02 352 P
(\050Wholesale\051) 108 332 T
0 F
(, American Bankers Association \050Apr) 165.95 332 T
(. 1985\051.) 346.15 332 T
([3]) 72 308 T
-0.09 (W) 108 308 P
-0.09 (. Barker) 118.22 308 P
-0.09 (, P) 156.28 308 P
-0.09 (. Cochrane, and M. Branstad, \322Embedding Cryptography into a T) 167.53 308 P
-0.09 (rusted Mach) 480.47 308 P
1.02 (System,\323 ) 108 288 P
2 F
1.02 (Pr) 155.66 288 P
1.02 (oceedings of the Fourth Aer) 167.21 288 P
1.02 (ospace Computer Security Applications Confer-) 305.41 288 P
(ence) 108 268 T
0 F
(, p. 379-383 \050Dec. 1988\051.) 129.97 268 T
([4]) 72 244 T
-0.4 (M. Bishop, \322An Authentication Mechanism for USENET) 108 244 P
-0.4 (,\323 ) 380.51 244 P
2 F
-0.4 (W) 391.43 244 P
-0.4 (inter 1991 USENIX Pr) 400.76 244 P
-0.4 (oceed-) 508.04 244 P
(ings) 108 224 T
0 F
( pp. 281-287 \050Jan. 1991\051.) 127.99 224 T
([5]) 72 200 T
0.38 (T) 108 200 P
0.38 (. Casey and S. W) 114.44 200 P
0.38 (ilbur) 198.09 200 P
0.38 (, \322Privacy Enhanced Electronic Mail,\323 ) 220.26 200 P
2 F
0.38 (Pr) 413.05 200 P
0.38 (oceedings of the Fourth) 424.6 200 P
(Aer) 108 180 T
(ospace Computer Security Applications Confer) 124.87 180 T
(ence) 350.96 180 T
0 F
(, pp. 16-21 \050Dec. 1988\051.) 372.93 180 T
([6]) 72 156 T
0.99 (CCITT Recommendation X.208, ) 108 156 P
2 F
0.99 (Speci\336cation of Abstract Syntax Notation One \050ASN.1\051) 271.88 156 P
0 F
(\0501988\051.) 108 136 T
([7]) 72 112 T
-0.71 (CCITT) 108 112 P
2 F
-0.71 ( ) 142.65 112 P
0 F
-0.71 (Recommendation X.209, ) 144.94 112 P
2 F
-0.71 (Speci\336cation of Basic Encoding Rules for Abstract Syntax) 266.78 112 P
(Notation One \050ASN.1\051) 108 92 T
0 F
( \0501988\051) 214.27 92 T
FMENDPAGE
%%EndPage: "36" 37
%%Page: "37" 37
612 792 0 FMBEGINPAGE
72 745.99 540 756 R
7 X
0 K
V
72 32.69 540 42.7 R
V
0 F
0 X
(Page 37 of 44) 473.71 34.7 T
72 72 540 720 R
7 X
V
0 X
([8]) 72 712 T
(CCITT Recommendation X.400, ) 108 712 T
2 F
(Message) 268.9 712 T
0 F
( ) 310.87 712 T
2 F
(Handling) 313.87 712 T
0 F
( ) 359.18 712 T
2 F
(System) 362.18 712 T
0 F
( ) 395.48 712 T
2 F
(Model) 398.48 712 T
0 F
( \0501984\051.) 429.12 712 T
([9]) 72 688 T
0.92 (CCITT Recommendation X.41) 108 688 P
0.92 (1, ) 258.31 688 P
2 F
0.92 (Message Handling Systems: Message T) 271.23 688 P
0.92 (ransfer System:) 464.13 688 P
(Abstract Service De\336nition and Pr) 108 668 T
(ocedur) 273.45 668 T
(es) 306.31 668 T
0 F
( \0501988\051.) 316.3 668 T
([10]) 72 644 T
-0.02 (CCITT Recommendation X.500, ) 108 644 P
2 F
-0.02 (The Dir) 268.83 644 P
-0.02 (ectory - Overview of Concepts, Models, and Ser-) 306.01 644 P
(vices) 108 624 T
0 F
( \0501987\051.) 131.98 624 T
([1) 72 600 T
(1]) 81.55 600 T
(CCITT Recommendation X.509, ) 108 600 T
2 F
(The Dir) 268.9 600 T
(ectory - Authentication Framework) 306.11 600 T
0 F
( \0501987\051.) 475.66 600 T
([12]) 72 576 T
0.41 (D. Clark and M. Lambert, ) 108 576 P
2 F
0.41 (PCMAIL: A Distributed Mail System for Personal Computers) 237.96 576 P
0 F
0.41 (,) 537 576 P
(RFC-993 \050Dec. 1986\051.) 108 556 T
([13]) 72 532 T
1.54 (D. Crocker) 108 532 P
1.54 (, ) 162.35 532 P
2 F
1.54 (Standar) 169.89 532 P
1.54 (d) 207.43 532 P
0 F
1.54 ( ) 213.42 532 P
2 F
1.54 (for) 217.96 532 P
0 F
1.54 ( ) 231.96 532 P
2 F
1.54 (the) 236.5 532 P
0 F
1.54 ( ) 251.16 532 P
2 F
1.54 (Format) 255.7 532 P
0 F
1.54 ( ) 291.68 532 P
2 F
1.54 (of) 296.22 532 P
0 F
1.54 ( ) 305.55 532 P
2 F
1.54 (ARP) 310.09 532 P
1.54 (A) 330.52 532 P
0 F
1.54 ( ) 337.85 532 P
2 F
1.54 (Internet) 342.39 532 P
0 F
1.54 ( ) 380.36 532 P
2 F
1.54 (T) 384.9 532 P
1.54 (ext) 390.47 532 P
0 F
1.54 ( ) 404.45 532 P
2 F
1.54 (Message) 408.99 532 P
0 F
1.54 (s, RFC-822 \050Aug.) 450.96 532 P
(1982\051.) 108 512 T
([14]) 72 488 T
(D. Denning, ) 108 488 T
2 F
(Cryptography and Data Security) 169.96 488 T
0 F
(, Addison-W) 326.75 488 T
(esley) 387.75 488 T
(, Reading, MA \0501982\051.) 411.61 488 T
([15]) 72 464 T
0.63 (D. Dern, \322The T) 108 464 P
0.63 (rusted Mail System,\323 ) 188.39 464 P
2 F
0.63 (ConneXions \320 The Inter) 294.87 464 P
0.63 (operbility Report) 411.24 464 P
0 F
0.63 ( ) 494.15 464 P
4 F
0.63 (4) 497.78 464 P
0 F
0.63 (\0502\051 p. 8) 503.77 464 P
(\050Feb. 1990\051.) 108 444 T
([16]) 72 420 T
-0.11 (Federal Information Processing Standards Publication 46, ) 108 420 P
2 F
-0.11 (Data Encryption Standar) 387.52 420 P
-0.11 (d) 508.13 420 P
0 F
-0.11 ( \050Jan.) 514.13 420 P
(1977\051.) 108 400 T
([17]) 72 376 T
0.1 (Federal Information Processing Standards Publication 81, ) 108 376 P
2 F
0.1 (DES Modes of Operation) 388.73 376 P
0 F
0.1 ( \050Dec.) 510.6 376 P
(1980\051.) 108 356 T
([18]) 72 332 T
-0.29 (Federal Information Processing Standards Publication 1) 108 332 P
-0.29 (13, ) 374.28 332 P
2 F
-0.29 (Computer Data Authentication) 391.99 332 P
0 F
(\050May 1985\051.) 108 312 T
([19]) 72 288 T
-0.04 (Federal Information Processing Standards Publication 146, ) 108 288 P
2 F
-0.04 (Government Open Systems In-) 393.91 288 P
(ter) 108 268 T
(connection Pr) 120.88 268 T
(o\336le \050GOSIP\051) 188.06 268 T
0 F
( \050Apr) 254.33 268 T
(. 1989\051.) 279.31 268 T
([20]) 72 244 T
(ISO 3166, ) 108 244 T
2 F
(Codes for the Repr) 160.3 244 T
(esentation of Names of Countries) 250.8 244 T
0 F
( \0501987\051.) 410.73 244 T
([21]) 72 220 T
0.65 (R. Housley) 108 220 P
0.65 (, \322Electronic Messaging Security: A Comparison of Three Approaches,\323 ) 161.84 220 P
2 F
0.65 (Pr) 518.46 220 P
0.65 (o-) 530.01 220 P
2 (ceedings of the Fifth Annual Computer Security Applications Confer) 108 200 P
2 (ence) 452.73 200 P
0 F
2 (, p. 29 \050Dec.) 474.7 200 P
(1989\051.) 108 180 T
([22]) 72 156 T
(B. Kaliski Jr) 108 156 T
(., ) 167.64 156 T
2 F
(private communication) 176.64 156 T
0 F
( \050Mar) 287.57 156 T
(. 1990\051) 313.88 156 T
([23]) 72 132 T
0.27 (S. Kent and J. Linn, ) 108 132 P
2 F
0.27 (Privacy Enhancement for Internet Electr) 207.95 132 P
0.27 (onic Mail:) 404.42 132 P
0 F
0.27 ( ) 454.99 132 P
2 F
0.27 (Part II -- Certi\336-) 458.26 132 P
(cate-Based Key Management) 108 112 T
0 F
(, RFC-1) 248.55 112 T
(1) 286.76 112 T
(14 \050Aug. 1989\051.) 292.32 112 T
([24]) 72 88 T
(S. Kille, ) 108 88 T
2 F
(Mapping Between X.400\0501988\051 / ISO 10021 and RFC 822) 150.65 88 T
0 F
(, RFC-1) 429.47 88 T
(148 \050\051.) 467.68 88 T
FMENDPAGE
%%EndPage: "37" 38
1 10 /Times-Italic FMDEFINEFONT
%%Page: "38" 38
612 792 0 FMBEGINPAGE
72 745.99 540 756 R
7 X
0 K
V
72 32.69 540 42.7 R
V
0 F
0 X
(Page 38 of 44) 473.71 34.7 T
72 72 540 720 R
7 X
V
0 X
([25]) 72 712 T
1.54 (A. Lenstra and M. Manasse, \322Factoring by Electronic Mail,\323 to appear in) 108 712 P
2 F
1.54 ( Advances in) 475.64 712 P
(Cryptology \320 EUROCR) 108 692 T
(YPT \32489) 221.05 692 T
0 F
(, Springer) 260.7 692 T
(-V) 307.76 692 T
(erlag Berlin \0501990\051.) 319.08 692 T
([26]) 72 668 T
0.73 (J. Linn, ) 108 668 P
2 F
0.73 (Privacy Enhancement for Internet Electr) 148.77 668 P
0.73 (onic Mail:) 347.1 668 P
0 F
0.73 ( ) 398.13 668 P
2 F
0.73 (Part I -- Message Encipher-) 401.86 668 P
(ment and Authentication Pr) 108 648 T
(ocedur) 240.48 648 T
(es) 273.34 648 T
0 F
(, RFC-1) 283.33 648 T
(1) 321.54 648 T
(13 \050Aug. 1989\051.) 327.1 648 T
([27]) 72 624 T
-0.05 (J. Linn, ) 108 624 P
2 F
-0.05 (Privacy Enhancement for Internet Electr) 147.22 624 P
-0.05 (onic Mail:) 342.43 624 P
0 F
-0.05 ( ) 392.68 624 P
2 F
-0.05 (Part III -- Algorithms, Modes,) 395.63 624 P
(and Identi\336ers) 108 604 T
0 F
(, RFC-1) 177.62 604 T
(1) 215.83 604 T
(15 \050Aug. 1989\051.) 221.39 604 T
([28]) 72 580 T
0.23 (J. Linn and S. Kent, \322Electronic Mail Privacy Enhancement,\323 ) 108 580 P
2 F
0.23 (AIAA/ASIS/DODCI Second) 408.2 580 P
(Aer) 108 560 T
(ospace Computer Security Confer) 124.87 560 T
(ence) 287.33 560 T
0 F
(, pp. 40-44 \050Dec. 1986\051.) 309.3 560 T
([29]) 72 536 T
0.39 (J. Linn and S. Kent, \322Privacy for DARP) 108 536 P
0.39 (A-Internet Mail,\323 ) 302.16 536 P
2 F
0.39 (Pr) 389.86 536 P
0.39 (oceedings of the T) 401.41 536 P
0.39 (welfth Na-) 489.3 536 P
(tional Computer Security Confer) 108 516 T
(ence) 265.14 516 T
0 F
(, pp. 215-229 \050Oct. 1989\051.) 287.11 516 T
([30]) 72 492 T
0.7 (J. Moore, \322Protocol Failures in Cryptosystems,\323 ) 108 492 P
2 F
0.7 (Pr) 346.39 492 P
0.7 (oceedings of the IEEE) 357.93 492 P
0 F
0.7 (, ) 466.95 492 P
4 F
0.7 (76) 473.65 492 P
0 F
0.7 (\0505\051 pp. 597) 485.64 492 P
(\050May 1988\051.) 108 472 T
([31]) 72 448 T
0.33 (R. Needham and M. Schroeder) 108 448 P
0.33 (, \322Using Encryption for Authentication in Lar) 257.41 448 P
0.33 (ge Networks) 478.71 448 P
(of Computers,\323 ) 108 428 T
2 F
(Communications of the ACM) 184.95 428 T
0 F
(, ) 324.54 428 T
4 F
(21) 330.54 428 T
0 F
(\05012\051, pp. 993-999 \050Dec. 1978\051.) 342.53 428 T
([32]) 72 404 T
-0.15 (D. Nowitz, and M. Lesk, ) 108 404 P
2 F
-0.15 (A Dial-Up Network of ) 229.51 404 P
1 F
-0.12 (UNIX) 338.19 404 P
2 F
-0.15 ( Systems) 361.51 404 P
0 F
-0.15 (, document SMM:21 in) 402.33 404 P
2 F
-0.15 ( ) 513.83 404 P
1 F
-0.12 (UNIX) 516.68 404 P
2 F
0.23 (System Manager) 108 384 P
0.23 (\325) 188.95 384 P
0.23 (s Manual) 191.39 384 P
0 F
0.23 (, Computer Systems Research Group, University of California,) 236.6 384 P
(Berkeley) 108 364 T
(, CA 94720 \050Apr) 150.52 364 T
(. 1986\051. Reprinted by the USENIX Association.) 231.14 364 T
([33]) 72 340 T
(J. Postel, ) 108 340 T
2 F
(Simple) 153.98 340 T
0 F
( ) 186.63 340 T
2 F
(Mail) 189.63 340 T
0 F
( ) 212.28 340 T
2 F
(T) 215.28 340 T
(ransfer) 221.29 340 T
0 F
( ) 255.94 340 T
2 F
(Pr) 258.94 340 T
(otocol) 270.49 340 T
0 F
(, RFC-821 \050Aug. 1982\051.) 300.47 340 T
([34]) 72 316 T
(R. Rivest, ) 108 316 T
2 F
(The MD4 Message Digest Algorithm) 158.65 316 T
0 F
(, RFC-1) 335.2 316 T
(186 \050Oct. 1990\051.) 373.41 316 T
([35]) 72 292 T
0.8 (R. Rivest, A. Shamir) 108 292 P
0.8 (, and L. Adleman, \322A Method for Obtaining Digital Signatures and) 209.87 292 P
-0.27 (Public-Key Cryptosystems,\323 ) 108 272 P
2 F
-0.27 (Communications of the ACM) 247.7 272 P
0 F
-0.27 (, ) 386.47 272 P
4 F
-0.27 (21) 392.2 272 P
0 F
-0.27 (\0502\051 pp. 120-126 \050Feb. 1978\051.) 404.19 272 P
([36]) 72 248 T
0.12 (M. Rose and E. Stef) 108 248 P
0.12 (ferud, ) 204.89 248 P
2 F
0.12 (Pr) 236.31 248 P
0.12 (oposed Standar) 247.86 248 P
0.12 (d for Message Encapsulation) 322.5 248 P
0 F
0.12 (, RFC-934 \050Jan.) 463.13 248 P
(1985\051.) 108 228 T
([37]) 72 204 T
-0.73 (SDNS Protocol and Signaling W) 108 204 P
-0.73 (orking Group, ) 262.02 204 P
2 F
-0.73 (SDNS Message Security Pr) 331.51 204 P
-0.73 (otocol) 459.78 204 P
0 F
-0.73 (, SDN.701) 489.76 204 P
(Revision 1.5 \050Aug. 1989\051) 108 184 T
([38]) 72 160 T
-0.49 (J. Steiner) 108 160 P
-0.49 (, C. Neuman, and J. Schiller) 151.67 160 P
-0.49 (, \322Kerberos: An Authentication Service for Open Net-) 283.65 160 P
(work Systems,\323 ) 108 140 T
2 F
(USENIX Confer) 186.95 140 T
(ence Pr) 264.13 140 T
(oceedings) 300.65 140 T
0 F
(,) 348.61 140 T
2 F
( ) 351.61 140 T
0 F
(pp. 191-202 \050W) 354.61 140 T
(inter 1988\051.) 430.41 140 T
([39]) 72 116 T
1 F
0.38 (UNIX) 108 116 P
2 F
0.45 ( User) 131.32 116 P
0.45 (\325) 158.53 116 P
0.45 (s Manual Refer) 160.97 116 P
0.45 (ence Guide) 235.38 116 P
0 F
0.45 (, Computer Systems Research Group, University of) 290.12 116 P
(California, Berkeley) 108 96 T
(, CA 94720 \050Apr) 205.15 96 T
(. 1986\051. Reprinted by the USENIX Association.) 285.77 96 T
FMENDPAGE
%%EndPage: "38" 39
%%Page: "39" 39
612 792 0 FMBEGINPAGE
72 745.99 540 756 R
7 X
0 K
V
72 32.69 540 42.7 R
V
0 F
0 X
(Page 39 of 44) 473.71 34.7 T
72 72 540 720 R
7 X
V
0 X
([40]) 72 712 T
-0.29 (V) 108 712 P
-0.29 (. V) 115.11 712 P
-0.29 (oydock and S. Kent, \324) 127.93 712 P
-0.29 (\324Security Mechanisms in High-Level Network Protocols,\325) 230.49 712 P
-0.29 (\325 ) 506.64 712 P
2 F
-0.29 (Com-) 513.35 712 P
(puting) 108 692 T
0 F
( ) 138.65 692 T
2 F
(Surveys) 141.65 692 T
0 F
( ) 178.95 692 T
4 F
(15) 181.95 692 T
0 F
(\0502\051 pp. 135-171 \050June 1983\051.) 193.95 692 T
FMENDPAGE
%%EndPage: "39" 40
1 14 /Times-Bold FMDEFINEFONT
%%Page: "40" 40
612 792 0 FMBEGINPAGE
72 745.99 540 756 R
7 X
0 K
V
72 32.69 540 42.7 R
V
0 F
0 X
(Page 40 of 44) 473.71 34.7 T
72 72 540 720 R
7 X
V
1 F
0 X
(Footnotes) 72 710.67 T
0 F
(1) 72 691 T
0.09 (Author) 93.6 691 P
0.09 (\325) 128.02 691 P
0.09 (s af) 131.35 691 P
0.09 (\336liation: Department of Mathematics and Computer Science, Dartmouth College,) 148.21 691 P
-0.72 (Hanover) 93.6 671 P
-0.72 (, NH 03755. Participation in the series of meetings leading to these proposals was sup-) 134.41 671 P
-0.74 (ported by grant NCC2-397 from the National Aeronautics and Space Administration to the Re-) 93.6 651 P
-0.02 (search Institute for Advanced Computer Science, by grants NAG2-480 and NAG 2-628 from) 93.6 631 P
1.03 (the National Aeronautics and Space Administration to Dartmouth College, and by a Burke) 93.6 611 P
1.42 (A) 93.6 591 P
1.42 (ward from Dartmouth College. A preliminary version of this paper was presented at the) 101.16 591 P
1.33 (DIMACS W) 93.6 571 P
1.33 (orkshop on Distributed Systems and Cryptography at Princeton, NJ, Oct. 4-6,) 154.93 571 P
(1989.) 93.6 551 T
(2) 72 527 T
0.51 (Footnotes will describe the speci\336cation in the appropriate RFC, and indicate the reason for) 93.6 527 P
(the change.) 93.6 507 T
(3) 72 483 T
(UNIX is a Registered T) 93.6 483 T
(rademark of A) 207.09 483 T
(T&T Bell Laboratories.) 275.7 483 T
(4) 72 459 T
-0.11 (Strictly speaking, this is a poor assumption; however) 93.6 459 P
-0.11 (, it serves to separate the issues involved) 346.22 459 P
-0.71 (in the security of a computer and its attendant software from the security enhancements needed) 93.6 439 P
(to protect and authenticate an electronic mail message in transit.) 93.6 419 T
(5) 72 395 T
(The Mail\0501\051 program in Berkeley UNIX is a good example of this [39].) 93.6 395 T
(6) 72 371 T
(This dif) 93.6 371 T
(fers from [26], \2444.4, which uses the same line to begin and end an encapsulation.) 131.03 371 T
(7) 72 347 T
-0.36 ([26], \2444.4, suggests that under some circumstances replicating header \336elds for authentication) 93.6 347 P
(purposes in the body is possible. This has been dropped.) 93.6 327 T
(8) 72 303 T
([33], \2444.5.) 93.6 303 T
(9) 72 279 T
([26], \2444.3.2.2.) 93.6 279 T
(10) 72 255 T
-0.07 (The only dif) 93.6 255 P
-0.07 (ference between this and the SMTP representation is the dot-stuf) 152.54 255 P
-0.07 (\336ng transforma-) 462.46 255 P
0.09 (tion \050[33], \2444.5.2\051, in which lines consisting only of a period \322.\323 have a second period added.) 93.6 235 P
-0.46 (This is unnecessary since the purpose of the transformation is simply to ensure a common rep-) 93.6 215 P
(resentation of each character) 93.6 195 T
(.) 230.47 195 T
(1) 72 171 T
(1) 77.55 171 T
([26], \2444.3.2.3.) 93.6 171 T
(12) 72 147 T
-0.09 (Other integrity check algorithms may be added later; see [27], \2441 and \2444. For example, RSA-) 93.6 147 P
(MD4 was added after [27] was issued.) 93.6 127 T
(13) 72 103 T
-0.24 ([26] , \2444.6.1.1. This section also provided for partial encryption, in which only portions of the) 93.6 103 P
(message were encrypted. Partial encryption has since been dropped from the protocol.) 93.6 83 T
FMENDPAGE
%%EndPage: "40" 41
%%Page: "41" 41
612 792 0 FMBEGINPAGE
72 745.99 540 756 R
7 X
0 K
V
72 32.69 540 42.7 R
V
0 F
0 X
(Page 41 of 44) 473.71 34.7 T
72 72 540 720 R
7 X
V
0 X
(14) 72 712 T
(Again, other message encryption algorithms may be added later; see [27], \2441 and \2442.1.3.) 93.6 712 T
(15) 72 688 T
0.53 (This dif) 93.6 688 P
0.53 (fers from [26], \2444.3.2.3, which required padding with octets of all bits set, the high-) 131.56 688 P
0.46 (order bit being set disambiguated the padding from the message. This was changed for con-) 93.6 668 P
(formity to most implementations of DES in Cipher Block Chaining mode. ) 93.6 648 T
(16) 72 624 T
([26], 4.6.1.1. That section provides only for the \336eld values ) 93.6 624 T
5 F
(MIC-ONLY) 381.74 624 T
0 F
( and ) 439.31 624 T
5 F
(ENCRYPTED) 462.62 624 T
0 F
(.) 527.39 624 T
(17) 72 600 T
([26], \2444.6.1.2.) 93.6 600 T
(18) 72 576 T
([26], \2444.3.2.4.) 93.6 576 T
(19) 72 552 T
-0.29 (This is actually a subset of the International Alphabet IA5; the elements of this subset are rep-) 93.6 552 P
(resented identically in IA5 and ASCII. See [26], p. 13.) 93.6 532 T
(20) 72 508 T
0 ([26], \2444.3.2.4 also provided that, if the message were partially encrypted, an asterisk \322*\323 was) 93.6 508 P
0.57 (to be placed before and after the character sequences corresponding to cleartext regions. As) 93.6 488 P
(partial encryption has been dropped, so has this character) 93.6 468 T
(.) 367.72 468 T
(21) 72 444 T
(This processing mode is new and not described in [26], 4.6.1.1.) 93.6 444 T
(22) 72 420 T
([26], \2444.6.2.1, \2444.6.4.1.) 93.6 420 T
(23) 72 396 T
0.65 (In [23] and [26], all encapsulated header \336elds began with ) 93.6 396 P
5 F
1.55 (X-) 382.17 396 P
0 F
0.65 ( to indicate they were experi-) 396.56 396 P
0.05 (mental and non-standard, as required by [13]. Since they are now part of a draft standard and) 93.6 376 P
-0.61 (no longer experimental, the ) 93.6 356 P
5 F
-1.47 (X-) 226.05 356 P
0 F
-0.61 ( will be dropped. Also, the ) 240.45 356 P
5 F
-1.47 (Originator-ID) 367.36 356 P
0 F
-0.61 ( header \336eld was) 460.9 356 P
0.08 (called the ) 93.6 336 P
5 F
0.2 (Sender-ID) 143.06 336 P
0 F
0.08 ( header \336eld in [23], but the name was changed to distinguish it from) 207.82 336 P
(the more common ) 93.6 316 T
5 F
(Sender) 183.87 316 T
0 F
( \336eld \050[13], \2444.4.2\051.) 227.05 316 T
(24) 72 292 T
([26], \2445.2.1.1, \2446.1.) 93.6 292 T
(25) 72 268 T
(This has been added to conform to the normal way of processing host names in the Internet.) 93.6 268 T
(26) 72 244 T
([26], \2445.2.1.3.) 93.6 244 T
(27) 72 220 T
-0.09 (The common name attribute \050CN\051 should be omitted, as the issuing authority is always an or-) 93.6 220 P
0.02 (ganization or an or) 93.6 200 P
0.02 (ganizational unit. Originally) 183.72 200 P
0.02 (, any unique name could be used, but in an in-) 318.57 200 P
(ternet without a central administrator) 93.6 180 T
(, this could lead to ambiguities.) 270.99 180 T
(28) 72 156 T
0.34 ([26], \2445.2.1.3. Originally any disambiguating string could be used for any scheme, but since) 93.6 156 P
0.54 (certi\336cates are issued with a serial number unique to each issuing authority) 93.6 136 P
0.54 (, it is simplest to) 458.86 136 P
0.03 (make the identifying string identify the precise certi\336cate. Note that certi\336cates contain expi-) 93.6 116 P
(ration times, so those are as readily available as if they were given as the identifying string.) 93.6 96 T
FMENDPAGE
%%EndPage: "41" 42
%%Page: "42" 42
612 792 0 FMBEGINPAGE
72 745.99 540 756 R
7 X
0 K
V
72 32.69 540 42.7 R
V
0 F
0 X
(Page 42 of 44) 473.71 34.7 T
72 72 540 720 R
7 X
V
0 X
(29) 72 712 T
([26], \2444.6.2.1.) 93.6 712 T
(30) 72 688 T
([26], \2445.2.) 93.6 688 T
(31) 72 664 T
([26], \2444.6.4.2.1.) 93.6 664 T
(32) 72 640 T
-0.42 ([27], \2441, \2442.1.1, and \2442.1.2. Other data exchange key encryption algorithms may be added lat-) 93.6 640 P
(er) 93.6 620 T
(.) 102.26 620 T
(33) 72 596 T
([27], \2441, \2444. Again, other message integrity check algorithms may be added later) 93.6 596 T
(.) 481.32 596 T
(34) 72 572 T
([26], \2445.2.) 93.6 572 T
(35) 72 548 T
([26], \2444.6.4.2.2.) 93.6 548 T
(36) 72 524 T
(Other data exchange key encryption algorithms may be added later; see [27], \2441 and 3.1.) 93.6 524 T
(37) 72 500 T
([26], \2444.6.3.1.) 93.6 500 T
(38) 72 476 T
(Other message integrity check algorithms may be added later; see [27], \2441, \2444.1, and 4.2.) 93.6 476 T
(39) 72 452 T
(This changes [23], \2444.6.2.3, in which the message integrity check is never encrypted.) 93.6 452 T
(40) 72 428 T
([23], \2443.1.) 93.6 428 T
(41) 72 404 T
([26], \2444.6.2.1.) 93.6 404 T
(42) 72 380 T
([26], \2444.6.3.1.) 93.6 380 T
(43) 72 356 T
([23], \2443.4.1.1.) 93.6 356 T
(44) 72 332 T
([23], \2443.4.1.2.) 93.6 332 T
(45) 72 308 T
([23], \2443.4.1.5.) 93.6 308 T
(46) 72 284 T
([23], \2443.4.1) 93.6 284 T
(47) 72 260 T
0.93 ([26], \2443.1.4.7; [27], \2444.2. As other equally strong \050or stronger\051 one-way hash functions are) 93.6 260 P
-0.26 (found that are computationally as ef) 93.6 240 P
-0.26 (\336cient as this one, they may be added to the list of accept-) 264.96 240 P
-0.12 (able hash algorithms. RSA-MD4 was not added as it is quite new) 93.6 220 P
-0.12 (, and so the protocol authors) 404.67 220 P
(were less comfortable using it to protect the interchange keys embodied in the certi\336cates.) 93.6 200 T
(48) 72 176 T
1.45 (The Distinguished Name may be written using the full T) 93.6 176 P
1.45 (.61 character set, as described in) 377.23 176 P
-0.58 (X.500 [10]; however) 93.6 156 P
-0.58 (, some alternate representations of characters which software cannot print) 192.21 156 P
(would be represented as a backslash followed by the character) 93.6 136 T
(\325) 392.79 136 T
(s octal representation.) 396.12 136 T
(49) 72 112 T
-0.17 (Originally this was to be a structured Personal Name component \050as de\336ned in X.400 [8]\051 but) 93.6 112 P
(was changed to conform to X.500.) 93.6 92 T
FMENDPAGE
%%EndPage: "42" 43
%%Page: "43" 43
612 792 0 FMBEGINPAGE
72 745.99 540 756 R
7 X
0 K
V
72 32.69 540 42.7 R
V
0 F
0 X
(Page 43 of 44) 473.71 34.7 T
72 72 540 720 R
7 X
V
0 X
(50) 72 712 T
-0.74 ( For compatibility with the U. S. Government Open Systems Interconnection Pro\336le [19], [23],) 93.6 712 P
-0.51 (\2443.4.1.3 limited the number and length of each \336eld in the Distinguished Name. This has since) 93.6 692 P
(been changed to conform to the limits in X.520.) 93.6 672 T
(51) 72 648 T
-0.51 (Note that [23] allows any Distinguished Name attributes to be used, uless expressly prohibited) 93.6 648 P
0.58 (\050and this is done only in the case of certifying authorities, which cannoit have the Common) 93.6 628 P
0.17 (Name attribute\051. However) 93.6 608 P
0.17 (, allowing a certi\336cate with an or) 219.03 608 P
0.17 (ganization in the subject\325) 378.07 608 P
0.17 (s Distin-) 498.85 608 P
-0.36 (guished Name to be issued to an af) 93.6 588 P
-0.36 (\336liated user would be very misleading unless the certi\336cate) 258.41 588 P
(were examined carefully) 93.6 568 T
(, so the proposal was revised to eliminate possible confusion.) 211.37 568 T
(52) 72 544 T
([23], \2443.4.1.4.) 93.6 544 T
(53) 72 520 T
-0.05 ([23] does not specify the order of or) 93.6 520 P
-0.05 (ganizational units, but they are to be written most signi\336-) 265.92 520 P
(cant member \336rst.) 93.6 500 T
(54) 72 476 T
([23], \2443.3.3.1.) 93.6 476 T
(55) 72 452 T
([23], \2443.3.1.) 93.6 452 T
(56) 72 428 T
([23], \2443.3.2.) 93.6 428 T
(57) 72 404 T
([23], \2443.3.3.) 93.6 404 T
(58) 72 380 T
([23], \2443.1.) 93.6 380 T
(59) 72 356 T
-0.64 ([23] does not require top-level certifying authorities to sign certi\336cates of all certifying author-) 93.6 356 P
(ities in their domain.) 93.6 336 T
(60) 72 312 T
0.39 ([23] combines the guest and notary certi\336cates, calling them notary certi\336cates. The distinc-) 93.6 312 P
-0.26 (tion was made to clarify whether or not or) 93.6 292 P
-0.26 (ganizational af) 293.18 292 P
-0.26 (\336liation as well as identity was being) 363.64 292 P
(vouched for) 93.6 272 T
(.) 150.56 272 T
(61) 72 248 T
([23], \2443.4.2.) 93.6 248 T
(62) 72 224 T
([23], \2443.3.3.2.) 93.6 224 T
(63) 72 200 T
-0.08 (The international standard [1) 93.6 200 P
-0.08 (1] does not recommend a key length but suggests that \322a value...) 231.8 200 P
-0.44 (of 512 bits be adopted initially) 93.6 180 P
-0.44 (, but subject to ) 237.56 180 P
2 F
-0.44 (further study) 309.44 180 P
0 F
-0.44 (\323 \050emphasis in original\051. Originally) 370.64 180 P
-0.44 (,) 537 180 P
0.3 (these limits were 320 and 632 bits \050about 2) 93.6 160 P
7 F
0.3 (\264) 302.52 160 P
0 F
0.3 (10) 309.1 160 P
3 F
0.25 (97) 321.1 164.8 P
0 F
0.3 ( and 2) 331.09 160 P
7 F
0.3 (\264) 361 160 P
0 F
0.3 (10) 367.58 160 P
3 F
0.25 (191) 379.57 164.8 P
0 F
0.3 (, respectively\051; these limits on) 394.57 160 P
-0.33 (the modulus size were chosen so that the software implementing the RSA cryptographic algo-) 93.6 140 P
-0.22 (rithms would be potentially exportable from the United States. However) 93.6 120 P
-0.22 (, other characteristics) 438.2 120 P
-0.33 (of software implementing these protocols also af) 93.6 100 P
-0.33 (fects exportability) 325.24 100 P
-0.33 (, and given the success that) 411.07 100 P
-0.08 (Lenstra and Manasse have had in factoring numbers of around 100 digits [25], it was deemed) 93.6 80 P
FMENDPAGE
%%EndPage: "43" 44
%%Page: "44" 44
612 792 0 FMBEGINPAGE
72 745.99 540 756 R
7 X
0 K
V
72 32.69 540 42.7 R
V
0 F
0 X
(Page 44 of 44) 473.71 34.7 T
72 72 540 720 R
7 X
V
0 X
(prudent to increase the modulus size to a minimum of 512 bits.) 93.6 712 T
(64) 72 688 T
0.71 ([27], \2443.1. The proposal also states that the public key is to consist of more than 100 digits) 93.6 688 P
-0.17 (\050[23], \2443.3.1\051; this means that if the exponent is 3, the modulus must be at least 100 digits. As) 93.6 668 P
(noted in the previous footnote, the modulus should actually be much lar) 93.6 648 T
(ger) 437.83 648 T
(.) 452.49 648 T
(65) 72 624 T
(At most 17 multiplications are required to exponentiate to that power) 93.6 624 T
(.) 424.73 624 T
(66) 72 600 T
0.08 ([27], \2443.1; [30] discusses the theory behind this. In fact, the pseudorandom quantity concate-) 93.6 600 P
(nated with the exponent should contain at least half as many bits as the modulus.) 93.6 580 T
(67) 72 556 T
([23], \2441.) 93.6 556 T
(68) 72 532 T
([23], \2443.3.3.) 93.6 532 T
(69) 72 508 T
-0.62 ([22]; this mechanism for issuing, and paying for) 93.6 508 P
-0.62 (, certi\336cates is not in [23], nor is it yet in place;) 319.96 508 P
(BBN Communications isdesigning and building a prototype certi\336cate generation unit.) 93.6 488 T
(70) 72 464 T
(The exact number has not yet been decided.) 93.6 464 T
(71) 72 440 T
0.15 (These details are not prescribed by either [23] or [26], but have since been adopted to ensure) 93.6 440 P
(the user receives at least minimal information when something is amiss.) 93.6 420 T
(72) 72 396 T
(3[26], \2444.5.) 93.6 396 T
(73) 72 372 T
([26], p. 10.) 93.6 372 T
(74) 72 348 T
([26], \2444.2.) 93.6 348 T
FMENDPAGE
%%EndPage: "44" 45
%%Trailer
%%BoundingBox: 0 0 612 792
%%Pages: 44 1
%%DocumentFonts: Times-Roman
%%+ Times-Bold
%%+ Times-Italic
%%+ Courier
%%+ Courier-Oblique
%%+ Symbol
%%+ Times-BoldItalic