idnits 2.17.1 

draft-ietf-smime-examples-01.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate.  This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  ** Missing expiration date.  The document expiration date should appear on
     the first and last page.

  ** The document seems to lack a 1id_guidelines paragraph about 6 months
     document validity -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  ** The document seems to lack a 1id_guidelines paragraph about the list of
     current Internet-Drafts. 

  ** The document seems to lack a 1id_guidelines paragraph about the list of
     Shadow Directories. 

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard

  == The page length should not exceed 58 lines per page, but there was 1
     longer page, the longest (page 1) being 683 lines


  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an IANA Considerations section.  (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)

  ** There are 4 instances of too long lines in the document, the longest one
     being 2 characters in excess of 72.

  ** There are 4 instances of lines with control characters in the document.


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (June 25, 1999) is 9071 days in the past.  Is this
     intentional?

  -- Found something which looks like a code comment -- if you have code
     sections in the document, please surround them with '<CODE BEGINS>' and
     '<CODE ENDS>' lines.


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Missing reference section? 'CMS' on line 452 looks like a reference

  -- Missing reference section? 'SMIME-MSG' on line 456 looks like a reference

  -- Missing reference section? 'SMIME-ESS' on line 458 looks like a reference

  -- Missing reference section? 'PKIX' on line 454 looks like a reference

  -- Missing reference section? 'PH' on line 641 looks like a reference

  -- Missing reference section? 'BR' on line 640 looks like a reference

  -- Missing reference section? 'JS' on line 642 looks like a reference


     Summary: 8 errors (**), 0 flaws (~~), 2 warnings (==), 10 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

1	Internet Draft                              Editor: Paul Hoffman
2	draft-ietf-smime-examples-01.txt            Internet Mail Consortium
3	June 25, 1999
4	Expires in six months

6	                  Examples of S/MIME Messages

8	Status of this memo

10	Internet-Drafts are working documents of the Internet Engineering Task
11	Force (IETF), its areas, and its working groups.  Note that other
12	groups may also distribute working documents as Internet-Drafts.

14	Internet-Drafts are draft documents valid for a maximum of six months
15	and may be updated, replaced, or obsoleted by other documents at any
16	time.  It is inappropriate to use Internet- Drafts as reference
17	material or to cite them other than as "work in progress."

19	To view the list Internet-Draft Shadow Directories, see
20	http://www.ietf.org/shadow.html.

22	This document is an Internet-Draft and is in full conformance with all
23	provisions of Section 10 of RFC2026.

25	Abstract

27	This document gives examples of message bodies formatted using S/MIME.
28	Specifically, it has examples of Cryptographic Message Syntax (CMS)
29	objects, S/MIME messages (including the MIME formatting), and Enhanced
30	Security Services for S/MIME (ESS). It includes examples of most or all
31	common CMS and ESS formats; in addition, it gives examples that show
32	common pitfalls in implementing CMS. The purpose of this document is to
33	help increase interoperability for S/MIME and other protocols that rely
34	on CMS.

36	This draft is being discussed on the 'ietf-smime' mailing list.  To
37	join the list, send a message to <ietf-smime-request@imc.org> with the
38	single word "subscribe" in the body of the message.  Also, there is a
39	Web site for the mailing list at <http://www.imc.org/ietf-smime/>.

41	1. Introduction

43	The examples in this document show the structure and format of CMS
44	message bodies, as described in [CMS]. They are useful to implementors
45	who use protocols that rely on CMS, such as the S/MIME message format
46	protocol. There are also examples of simple S/MIME messages [SMIME-MSG]
47	(including the MIME headers), and ESS messages [SMIME-ESS].

49	Every example in this document has been checked by two different
50	implementors. This strongly indicates (but does not assure) that the
51	examples are correct. All CMS implementors must read the CMS document
52	carefully before implementing from it. No one should use the examples
53	in this document as stand-alone explanations of how to create CMS
54	message bodies.

56	This document explicitly does not attempt to cover many PKIX [PKIX]
57	examples. Documents with examples of that format may be forthcoming.

59	2. Contributions To This Document

61	The examples shown here were created and validated by many different
62	people. In the example listings, there is a tag with the initials of
63	the creator of the example, and one or more tags for the people who
64	validated the example.

66	Some of the examples are of mis-implementations of CMS and ESS. That
67	is, if a developer reading the CMS or ESS specification created a
68	message body that was illegal, and another developer agreed that the
69	mis-reading was potentially a pitfall for later developers, that
70	message body is also included here. To make it clear which examples are
71	bad, they are all put into a single section of this document with
72	(hopefully) explicit headings.

74	To contribute an implementation of an unimplemented example listed in
75	this document, to verify that you got the same results as an example
76	listed here, or to suggest a new example that should be listed, please
77	contact the document author at the address listed near the end of the
78	document.

80	3. Constants Used in the Examples

82	This section defines the data used in the rest of the document. The names
83	of the constants indicate their use. For example, AlicePrivDSSSign is the
84	private part of Alice's DSS signing key.

86	 - Alice is the creator of the message bodies in this spec.

88	 - Bob is the recipient of the messages.

90	 - Carl is a CA.

92	 - Diane sometimes gets involved with these folks.

94	3.1 Content of documents

96	ExContent is the following sentence:
97	     This is some sample content.
98	That is, it is the string of characters starting with "T" up to and
99	including the ".".

101	The hex for ExContent is
102	5468 6973 2069 7320 736f 6d65 2073 616d 706c 6520 636f 6e74 656e 742e

104	The MD5 hash of ExContent is
105	9898 cac8 fab7 691f f89d c207 24e7 4a04

107	The SHA-1 hash of ExContent is
108	406a ec08 5279 ba6e 1602 2d9e 0629 c022 9687 dd48

110	3.2 Keys

112	The following keys are needed to create the samples. Note that
113	BobPubDHEncrypt and DianePubDHEncrypt do *not* share Diffie-Hellman
114	parameters; however, Bob and Erica share Diffie-Hellman parameters.

116	AlicePrivDSSSign = XXXXX
117	AlicePrivRSASign = XXXXX
118	AlicePubDSSSign = XXXXX
119	AlicePubRSASign = XXXXX
120	BobPrivDHEncrypt = XXXXX
121	BobPrivRSAEncrypt = XXXXX
122	BobPubDHEncrypt = XXXXX
123	BobPubRSAEncrypt = XXXXX
124	CarlPrivDSSSign = XXXXX
125	CarlPrivRSASign = XXXXX
126	CarlPubDSSSign = XXXXX
127	CarlPubRSASign = XXXXX
128	DianePubDSSSign = XXXXX
129	DianePubRSASignEncrypt = XXXXX
130	DianePubDHEncrypt = XXXXX
131	EricaPubDHEncryptBobParam = XXXXX
132	EricaPrivDHEncryptBobParam = XXXXX
133	MailListTripleDES = XXXXX
134	MailListRC2 = XXXXX

136	3.3 Certificates

138	AliceDSSSignByCarlNoInherit = XXXXX
139	AliceRSASignByCarl = XXXXX
140	BobDHEncryptByCarl =  XXXXX
141	CarlDSSSelf = XXXXX
142	CarlRSASelf = XXXXX
143	DianeDSSSignByCarlInherit = XXXXX
144	DianeDHEncryptByCarl = XXXXX
145	DianeRSASignEncryptByCarl = XXXXX
146	EricaDHEncryptByCarl = XXXXX

148	3.4 CRLs

150	CarlCRL is a CRL from Carl that contains three revocations.

152	CarlCRL = XXXXX

154	4. Trivial Examples

156	This section covers examples of small CMS types.

158	4.1 ContentInfo with Data type, BER

160	The object is a ContentInfo containing a Data object in BER format that is
161	ExContent.

163	XXXXX

165	4.2 ContentInfo with Data type, DER

167	The object is a ContentInfo containing a Data object in DER format that is
168	ExContent.

170	DataTypeDER.bin:

172	XXXXX

174	5.  Signed-data

176	5.1 Basic signed content, DSS

178	A SignedData with no attribute certificates, signed by Alice using
179	DH-DSS, just her certificate (not Carl's root cert), no CRL. The
180	message is ExContent, and is included in the eContent. There are no
181	signed or unsigned attributes.

183	XXXXX

185	5.2 Basic signed content, RSA

187	Same as 5.1, except using RSA signatures. A SignedData with no
188	attribute certificates, signed by Alice using RSA, just her certificate
189	(not Carl's root cert), no CRL. The message is ExContent, and is
190	included in the eContent. There are no signed or unsigned attributes.

192	XXXXX

194	5.3 Basic signed content, detached content

196	Same as 5.1, except with no eContent. A SignedData with no attribute
197	certificates, signed by Alice using DH-DSS, just her certificate (not
198	Carl's root cert), no CRL. The message is ExContent, but the eContent
199	is not included. There are no signed or unsigned attributes.

201	XXXXX

203	5.4 Fancier signed content

205	Same as 5.1, but includes Carl's root cert, Carl's CRL, some signed and
206	unsigned attributes (Countersignature by Diane). A SignedData with no
207	attribute certificates, signed by Alice using DH-DSS, her certificate
208	and Carl's root cert, Carl's DSS CRL. The message is ExContent, and is
209	included in the eContent. The signed attributes are Content Type,
210	Message Digest and Signing Time; the unsigned attributes are XXXXX.

212	XXXXX

214	5.5 All RSA signed message

216	Same as 5.2, but includes Carl's RSA root cert (but no CRL). A
217	SignedData with no attribute certificates, signed by Alice using RSA,
218	her certificate and Carl's root cert, no CRL. The message is ExContent,
219	and is included in the eContent. There are no signed or unsigned
220	attributes.

222	XXXXX

224	5.6 Multiple signers

226	Similar to 5.1, but the message is also signed by Diane. Two
227	SignedDatas (one for Alice, one for Diane) with no attribute
228	certificates, each signed using DH-DSS, Alice's and Diane's certificate
229	(not Carl's root cert), no CRL. The message is ExContent, and is
230	included in the eContent. There are no signed or unsigned attributes.

232	XXXXX

234	5.7 Signing using SKI

236	Same as 5.1, but the signature uses the SKI instead of the
237	issuer/serial number in the cert. A SignedData with no attribute
238	certificates, signed by Alice using DH-DSS, just her certificate (not
239	Carl's root cert), identified by the SKI, no CRL. The message is
240	ExContent, and is included in the eContent. There are no signed or
241	unsigned attributes.

243	XXXXX

245	5.8 S/MIME multipart/signed message

247	A full S/MIME message, including MIME, that includes the body part from
248	5.3 and the body containing the content of the message.

250	XXXXX

252	5.9 S/MIME application/pkcs7-mime signed message

254	A full S/MIME message, including MIME, that includes the body part from
255	5.1.

257	XXXXX

259	6.  Enveloped-data

261	6.1 Basic encrypted content, TripleDES and DH

263	An EnvelopedData from Alice to Bob of ExContent using TripleDES for
264	encrypting and Diffie-Hellman for key management. Does not have a
265	OriginatorInfo or any attributes.

267	XXXXX

269	6.2 Basic encrypted content, TripleDES and RSA

271	Same as 6.1, except with RSA for key management. An EnvelopedData from
272	Alice to Bob of ExContent using TripleDES for encrypting and RSA for
273	key management. Does not have a OriginatorInfo or any attributes.

275	XXXXX

277	6.3 Basic encrypted content, RC2/40 and RSA

279	Same as 6.1, except using RC2/40 for encryption and RSA for key
280	management. An EnvelopedData from Alice to Bob of ExContent using
281	RC2/40 for encrypting and RSA for key management. Does not have a
282	OriginatorInfo or any attributes.

284	XXXXX

286	6.4 Encrypted content, two recipients, no shared keying material

288	Same as 6.1, except sent to both Bob and Diane. An EnvelopedData from
289	Alice to Bob and Diane of ExContent using TripleDES for encrypting and
290	Diffie-Hellman for key management. Does not have a OriginatorInfo or
291	any attributes.

293	XXXXX

295	6.5 Encrypted content, two recipients, shared keying material

297	Same as 6.4, except sent to Bob and Erica using keys that have shared
298	parameters so the result does not include the UKMs. An EnvelopedData
299	from Alice to Bob and Erica of ExContent using TripleDES for encrypting
300	and Diffie-Hellman for key management. Does not have a OriginatorInfo
301	or any attributes. Uses BobPubDHSharedEncrypt and
302	DianePubDHSharedEncrypt for keys.

304	XXXXX

306	6.6 Encrypted content, TripleDES and DH, previously-distributed keys

308	Same as 6.1, except sent using a previously-distributed key. An
309	EnvelopedData from Alice to Bob of ExContent using TripleDES for
310	encrypting and Diffie-Hellman for key management, using the
311	MailListTripleDES key. Does not have a OriginatorInfo or any
312	attributes.

314	XXXXX

316	6.7 Encrypted content, RC2/40 and RSA, previously-distributed keys

318	Same as 6.1, except sent using a previously-distributed key. An
319	EnvelopedData from Alice to Bob of ExContent using TripleDES for
320	encrypting and RSA for key management, using the MailListRC2 key. Does
321	not have a OriginatorInfo or any attributes.

323	XXXXX

325	6.8 S/MIME application/pkcs7-mime encrypted message

327	A full S/MIME message, including MIME, that includes the body part from
328	6.1.

330	XXXXX

332	7. Digested-data

334	A DigestedData from Alice to Bob of ExContent using SHA-1.

336	XXXXX

338	8. Encrypted-data

340	An EncryptedData from Alice to Bob of ExContent with no attributes.

342	XXXXX

344	9. Authenticated-data

346	9.1 Authenticated data with no autenticated attributes

348	An AutenticatedData from Alice to Bob using XXXXXXXXXX with no
349	authenticated attributes.

351	XXXXX

353	9.2 Authenticated data with autenticated attributes

355	An AutenticatedData from Alice to Bob using XXXXXXXXXX with the
356	content-type and message-digest authenticated attributes.

358	XXXXX

360	10. Key Wrapping

362	This section shows the steps needed to wrap keys, as described in
363	section 12.6 of [CMS].

365	10.1 Wrapping RC2

367	This example shows how to wrap an RC2 key.

369	The CEK to be wrapped is
370	b70a 25fb c9d8 6a86 050c e0d7 11ea d4d9

372	The hash of the CEK is
373	0a6f f19f db40 4988

375	The random value used is
376	4845 cce7 fd12 50

378	The CEK initialization vector is
379	c7d9 0059 b29e 97f7

381	The KEK is
382	fd04 fd08 0607 07fb 0003 feff fd02 fe05

384	The "Pre Encrypt #1" is
385	10b7 0a25 fbc9 d86a 8605 0ce0 d711 ead4
386	d9 4845 cce7 fd12 500a 6ff1 9fdb 4049 88

388	The "Pre Encrypt #2" is
389	a7f7 1fa3 078a a99f 3299 8eff 9ed7 8cac
390	b870 ce04 f555 8ce4 6012 9337 59a2 1da0
391	f797 9eb2 5900 d9c7

393	The wrapped CEK is
394	70e6 99fb 5701 f783 3330 fb71 e87c 85a4
395	20bd c99a f05d 22af 5a0e 48d3 5f31 3898
396	6cba afb4 b28d 4f35

398	10.2 Wrapping TripleDES

400	XXXXX

402	11. ESS Examples

404	11.1 ReceiptRequest

406	Alice asks Bob for a reciept on the message in 5.1.

408	XXXXX

410	11.2 Receipt

412	Bob gives Alice a receipt for the message in 11.1.

414	XXXXX

416	11.3 eSSSecurityLabel

418	Alice includes a security label in the message in 5.1.

420	XXXXX

422	11.4 EquivalentLabels

424	Alice uses an EquivalentLabels in the message in 11.3.

426	XXXXX

428	11.5 mlExpansionHistory

430	The mailing list sends a message with a mlExpansionHistory attribute.

432	XXXXX

434	11.6 SigningCertificate

436	Alice uses a SigningCertificate attribute in the message in 5.1.

438	XXXXX

440	12. Security Considerations

442	Because this document shows examples of S/MIME, CMS, and ESS messages,
443	this document also inherits all of the security considerations from
444	[SMIME-MSG], [CMS], and [SMIME-ESS].

446	The Perl script in Appendix B writes to the user's local hard drive. A
447	malicious attacker could modify the Perl script in this document. Be
448	sure to read the Perl code carefully before executing it.

450	A. References

452	[CMS] Cryptographic Message Syntax, RFC 2630.

454	[PKIX] PKIX Certificate and CRL Profile, RFC 2459.

456	[SMIME-MSG] S/MIME Version 3 Message Specification. RFC 2633.

458	[SMIME-ESS] Enhanced Security Services for S/MIME, RFC 2634.

460	B. Binaries of the Examples

462	This section contains the binaries of the examples shown in the rest of
463	the document. The binaries are stored in a modified Base64 format.
464	There is a Perl program that, when run over the contents of this
465	document, will extract the following binaries and write them out to
466	disk. The program works with Perl for Unix and Windows 95/98/NT (and
467	possibly Macintosh).

469	B.1 How the binaries and extractor works

471	The program in the next section looks for lines that begin with a '|'
472	character (or some whitespace followed by a '|'), ignoring all other
473	lines. If the line begins with '|', the second character tells what
474	kind of line it is:
475	   A line that begins with |* is a comment
476	   A line that begins with |> gives the name of a new file to start
477	   A line that begins with |< tells to end the file (and checks the
478	         file name for sanity)
479	   A line that begins with |anythingelse is a Base64 line

481	The program writes out a series of files, so you should run this in an
482	empty directory. The program will overwrite files (if it can), but won't
483	delete other files already in the directory.

485	Run this program with this document as the standard input, such as:
486	    extractsample <draft-ietf-smime-examples

488	If you want to extract without the program, copy all the lines between
489	the "|>" and "|<" markers, remove any page breaks, and remove the "|"
490	in the first column of each line. The result is a valid Base64 blob that
491	can be processed by any Base64 decoder.

493	B.2 Example extraction program

495	#!/usr/bin/perl

497	# CMS Samples extraction program. v 1.1

499	# Get all the input as an array of lines
500	@AllIn = (); while (<STDIN>) { push(@AllIn, $_) }

502	$Base64Chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqr' .
503	    'stuvwxyz0123456789+/=';
504	$LineCount = 0; $CurrFile = '';

506	foreach $Line (@AllIn) {
507	    $LineCount++;  # Keep the line counter for error messages
508	    $Line =~ s/^\s*//;  # Get rid of leading whitespace
509	    chomp($Line);  # Get rid of CR or CRLF at the end of the line
510	    if(substr($Line, 0, 1) ne '|') { next }  # Not a special line
511	    elsif(substr($Line, 1, 1) eq '*') { next }  # It is a comment
512	    elsif(substr($Line, 1, 1) eq '>')
513	        { &StartNewFile(substr($Line, 2)) }  # Start a new file
514	    elsif(substr($Line, 1, 1) eq '<')
515	        { &EndCurrFile(substr($Line, 2)) }  # End the current file
516	    else { &DoBase64(substr($Line, 1)) }  # It is a line of Base64
517	}

519	sub StartNewFile {
520	    $TheNewFile = shift(@_);
521	    if($CurrFile ne '') { die "Was about to start a new file at " .
522	        "line $LineCount, but the old file, $CurrFile, was open\n" }
523	    open(OUT, ">$TheNewFile") or
524	        die "Could not open $TheNewFile for writing: $!\n";
525	    $CurrFile = $TheNewFile;
526	    $LeftOver = 0;  # Amount left from previous Base64 character
527	    $NextPos = 0;  # Bit position to start the next Base64 character
528	                   #     (bits are numbered 01234567)
529	    $OutString = '';  # Holds the text going out to the file
530	}

532	sub EndCurrFile {
533	    $FileToEnd = shift(@_);
534	    if($CurrFile ne $FileToEnd) { die "Was about to close " .
535	        "$FileToEnd at line $LineCount, but that name didn't match " .
536	        "the name of the currently open file, $CurrFile\n" }
537	    print OUT $OutString;
538	    close(OUT);
539	    $CurrFile = '';
540	}

542	sub DoBase64 {
543	    $TheIn = shift(@_);
544		if($CurrFile eq '') { die "Got some Base64 at line $LineCount, " .
545			"but appear to not be writing to any particular file" }
546	    @Chars = split(//, $TheIn);  # Make an array of the characters
547	    foreach $ThisChar (@Chars) {
548			# $ThisVal is the position in the string and the Base64 value
549	        $ThisVal = index($Base64Chars, $ThisChar);
550	        if($ThisVal == -1) { die "At line $LineCount, found the " .
551	            "character $ThisChar, which is not a Base64 character\n" }
552	        if($ThisVal == 64) { last }  # It is a "=", so we're done
553	        if ($NextPos == 0 ) {
554	            # Don't output anything, just fill the left of $LeftOver
555	            $LeftOver = $ThisVal * 4;
556	            $NextPos = 6;
557	        } elsif ($NextPos == 2) {
558				# Add $ThisVal to $LeftOver, output, and reset
559	            $OutString .= chr($LeftOver + $ThisVal);
560	            $LeftOver = 0;
561	            $NextPos = 0;
562	        } elsif ($NextPos == 4) {
563	            # Add upper 4 bits of $ThisVal to $LeftOver and output
564	            $Upper4 = ($ThisVal & 60);
565	            $OutString .= chr($LeftOver + ($Upper4/4));
566	            $LeftOver = (($ThisVal - $Upper4) * 64);
567	            $NextPos = 2;
568	        } elsif ($NextPos == 6) {
569	            # Add upper 2 bits of $ThisVal to $LeftOver and output
570	            $Upper2 = ($ThisVal & 48);
571	            $OutString .= chr($LeftOver + ($Upper2/16));
572	            $LeftOver = (($ThisVal - $Upper2) * 16);
573	            $NextPos = 4;
574	        } else { die "\$NextPos has an illegal value: $NextPos." }
575	    }
576	}

578	B.3 Examples by section

580	B.3.1 Examples from section 3.1

582	|* ExContent is just the message; creator: [PH]
583	|>ExContent.bin
584	|VGhpcyBpcyBzb21lIHNhbXBsZSBjb250ZW50Lg==
585	|<ExContent.bin

587	B.3.2 Examples from section 3.2

589	|* Here is the gang of keys
590	|>AlicePrivDSSSign.key
591	|blablahblah
592	|moreblahblahblah
593	|<AlicePrivDSSSign.key
594	|>AlicePrivRSASign.key
595	|BlablahblaH
596	|MoreblahblahBlah
597	|<AlicePrivRSASign.key
598	. . .

600	B.10.1 Examples from section 10.1

602	|* The CEK to be wrapped
603	|>RC2CEK.bin
604	|<RC2CEK.bin

606	|* The hash of the CEK
607	|>RC2CEKHash.bin
608	|<RC2CEKHash.bin

610	|* The random value used
611	|>RC2Rand.bin
612	|<RC2Rand.bin

614	|* The CEK initialization vector
615	|>RC2CEKIV.bin
616	|<RC2CEKIV.bin

618	|* The KEK
619	|>RC2KEK.bin
620	|<RC2KEK.bin

622	|* The "Pre Encrypt #1"
623	|>RC2Pre1.bin
624	|<RC2Pre1.bin

626	|* The "Pre Encrypt #2"
627	|>RC2Pre2.bin
628	|<RC2Pre2.bin

630	|* The wrapped CEK
631	|>RC2Wrapped.bin
632	|<RC2Wrapped.bin

634	C. Acknowledgments

636	The following people contributed ideas and/or examples to this
637	document. They are listed by their real names, with the initials used
638	in the examples after their names.

640	Blake Ramsdell [BR]
641	Paul Hoffman [PH]
642	Jim Schaad [JS]
643	. . .

645	The examples are displayed with a modified version of Peter Gutmann's
646	"dumpasn1" program.

648	D. Differences between -00 and -01

650	Title, Abstract, Intro: Added examples of S/MIME messages (including
651	the MIME) and ESS messages to the general description.

653	3.2: Changed Diane's RSA key to be for both signing and encrypting.
654	Added Erica's DH keys, which share Bob's parameters.

656	3.3: Changed Alice's DSS cert to explicitly not inherit Carl's DSS
657	parameters. Changed Diane's DSS cert to explicitly inherit Carl's DSS
658	parameters. Changed Diane's RSA cert to be for both signing and
659	encrypting. Gave Erica a DH cert.

661	5.6, 5.7, 5.8: Renumbered to 5.5, 5.6, 5.7.

663	5.8, 5.9: New examples of signed S/MIME messages.

665	6.4: Removed the keys that were used in only that section.

667	6.8: New example of encrypted S/MIME message.

669	10: Added entire section.

671	11: Added entire section.

673	12: Added entire section.

675	E. Editor's Address

677	Paul Hoffman
678	Internet Mail Consortium
679	127 Segre Place
680	Santa Cruz, CA  95060 USA
681	phoffman@imc.org