1995-09-13 - MOSS [IETF privacy-enhanced mail, modified for MIME] now available

Header Data

From: Rich Salz <rsalz@osf.org>
To: cypherpunks@toad.com
Message Hash: 8a41e807f3b7e6cc6a4a3b44436a35c2f1eb16f0ec21c5be9c117ec8d48115fd
Message ID: <9509132335.AA05053@sulphur.osf.org>
Reply To: N/A
UTC Datetime: 1995-09-13 23:36:28 UTC
Raw Date: Wed, 13 Sep 95 16:36:28 PDT

Raw message

From: Rich Salz <rsalz@osf.org>
Date: Wed, 13 Sep 95 16:36:28 PDT
To: cypherpunks@toad.com
Subject: MOSS [IETF privacy-enhanced mail, modified for MIME] now available
Message-ID: <9509132335.AA05053@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


>From pem-dev-request@neptune.tis.com Wed Sep 13 19:27:35 1995
Message-Id: <9509132011.AA19261@tis.com>
Reply-To: James M Galvin <tismoss-support@TIS.COM>
To: "MOSS.Announce.List":;, tis.com@TIS.COM
Subject: ANNOUNCE: TIS/MOSS Version 7.1
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="----- =_aaaaaaaaaa0"
Content-Id: <2977.811023088.1@tis.com>
Date: Wed, 13 Sep 1995 16:11:35 -0400

------- =_aaaaaaaaaa0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <2977.811023088.2@tis.com>

Trusted Information Systems, Inc. (TIS), in cooperation with RSA Data
Security, Inc. (RSADSI), is pleased to provide TIS/MOSS, a reference
implementation of MIME Object Security Services (MOSS).  TIS/MOSS is a
security toolkit that provides digital signature and encryption services
for MIME objects.  TIS/MOSS includes the "glue" necessary for
integration with Version 6.8.3 of the Rand MH Message Handling System,
in addition to generic Bourne shell scripts that make it possible to use
it with email user agents supporting UNIX shell escapes.

In order to foster acceptance of MOSS and provide the community with a
usable, working version of this technology, TIS/MOSS is being made
available for broad use on the following basis.

TIS/MOSS is distributed in source code form, with all modules written in
the C programming language.  It runs on many UNIX derived platforms.  It
includes a DOS compilation directive that facilitates its port to
DOS/WINDOWS.

TIS/MOSS requires RSAREF, a cryptographic toolkit distributed by RSADSI.
TIS/MOSS makes use of undocumented features of RSAREF.  RSADSI has given
permission for users of TIS/MOSS to use these features, subject to the
terms and conditions of both the TIS/MOSS and RSAREF licenses, as
distributed with each software package.

TIS/MOSS is a product of Trusted Information Systems, Inc.  It may be
used by organizations and users for exchanging MOSS email messages,
subject to the terms and conditions of its license.  Enclosed below is
the MOSS Frequently Asked Questions, which includes instructions on how
to retrieve the software.

TIS/MOSS is export controlled by the U.S. Government.  As a result it is
only available to U.S. and Canadian sites and individuals.  Please see
the FAQ for more information.

------- =_aaaaaaaaaa0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <2977.811023088.3@tis.com>
Content-Description: TIS/MOSS FAQ


		  TIS/MOSS Frequently Asked Questions
			 Last Updated July 1995
	 Send questions and comments to tismoss-support@tis.com

Questions answered:

   1) What is MIME Object Security Services (MOSS)?
   2) What is MIME?
   3) How does MOSS compare to PGP and PEM?
   4) Where is the MOSS standard defined?
   5) Are there implementations of MOSS available?
   6) How do I get TIS/MOSS?
   7) Why is TIS/MOSS only available in the US and Canada?
   8) Are special privileges (e.g., root access) required to install
      TIS/MOSS?
   9) What about integrating TIS/MOSS into email user agents?
  10) What about DOS and other non-UNIX platforms?
  11) Is there a forum for MOSS users and developers?
  12) What about certificates?
  13) What is the Internet Certification hierarchy?
  14) What if I have questions or problems with TIS/MOSS?

 * means that this entry has been recently updated.
 + means that this entry has been added recently.


1
Q: What is MIME Object Security Services (MOSS)?

A: MOSS is a Privacy Enhanced Mail (PEM) derivative that is a Proposed
   Internet Standard for adding security services to Multi-purpose
   Internet Mail Extensions (MIME).  It uses the cryptographic
   techniques of digital signature and encryption to provide origin
   authentication, integrity, and confidentiality to MIME objects.
   Users of MOSS can know who originated a message, that the message
   has not been changed enroute, and that the message was kept secret
   from everyone except the intended recipients.

   MOSS depends on the existence of public/private key pairs to support
   its security services.  Users must exchange public keys with those
   other users with whom they wish to exchange MOSS email.  This may be
   accomplished manually, via mechanisms available in the protocol, via
   X.509 certificates, or any other suitable mechanism.

2
Q: What is MIME?

A: MIME is an Internet Standard (RFC 1521) that defines the format of
   email message bodies to allow multi-part textual and non-textual
   message bodies to be represented and exchanged without loss of
   information.  MIME does for message bodies what RFC822 does for
   message headers.

3
Q: How does MOSS compare to PGP and PEM?

   PGP can provide the same services but since it is not integrated with
   MIME the interpretation of the protected content is necessarily user
   controlled.  Note, however, that MIME can carry a PGP object.

   MOSS is a PEM derivative.  It integrates the security services of PEM
   with MIME, taking advantage of the extensive structuring and
   formatting facilities of MIME, limited versions of which are
   necessarily an integral part of the PEM specifications.

4
Q: Where is the MOSS standard defined?

A: There is a Proposed Standard published as an RFC that specifies MOSS.
   This document may be found in your favorite RFC repository.
   Details on obtaining RFCs via FTP or EMAIL may be obtained by sending
   an EMAIL message to "rfc-info@ISI.EDU" with the message body "help:
   ways_to_get_rfcs".  For example:

        To: rfc-info@ISI.EDU
        Subject: getting rfcs

        help: ways_to_get_rfcs

5
Q: Are there implementations of MOSS available?

A: Yes, Trusted Information Systems (TIS), under ARPA sponsorship, has
   released a reference implementation of MOSS (TIS/MOSS) to the
   Internet community.

   TIS/MOSS is a UNIX-based implementation that is easily integrated
   with email user agents.  The source code is openly available in the
   United States and Canada for non-commercial use.  The current version
   of TIS/MOSS is 7.1.

   Vendors interested in including TIS/MOSS in their products or
   integrating it with their services should contact Trusted Information
   Systems about licensing Trusted Mail (tm) by sending email to
   tismoss-support@tis.com.

6
Q: How do I get TIS/MOSS?

A: TIS/MOSS is available via anonymous ftp in the United States and
   Canada to US and Canadian citizens and people with a US "green
   card."  To retrieve TIS/MOSS please FTP to

     host:   ftp.tis.com
     login:  anonymous

   and retrieve the files

     pub/MOSS/README
     pub/MOSS/LICENSE
     pub/MOSS/BUGS

   The README file contains further instructions.  

7
Q: Why is TIS/MOSS only available in the US and Canada?

A: The export from the United States of the cryptography used in
   TIS/MOSS is controlled by the United States government.

8
Q: Are special privileges (e.g., root access) required to install TIS/MOSS?

A: No.

9
Q: What about integrating TIS/MOSS into email user agents?

A: TIS/MOSS includes "glue", in the form of shell scripts, to integrate
   it with the Rand MH Message Handling System version 6.8.3.  It also
   includes generic scripts that make the services accessible to any
   UNIX application that supports shell escapes.  If you integrate
   TIS/MOSS with a popular email user agent, we would be happy to make
   it available to others.

10
Q: What about DOS and other non-UNIX platforms?

A: TIS/MOSS has been ported to DOS and includes a DOS compiler option
   that may be set to facilitate its installation in DOS environments.
   It has also been ported to Macintosh although it does not yet include
   a MAC compiler option.  If you port TIS/MOSS to other platforms, we
   would be happy to make the changes available to others.

11
Q: Is there a forum for MOSS users and developers?

A: Yes, there is an email list for users of TIS/MOSS called
   "tismoss-users@tis.com".  To get added to the list send a message to
   "tismoss-users-request@tis.com".

   There is an email list for implementors and discussions of the MOSS
   specifications called "pem-dev@tis.com".  This list originated with
   the PEM protocol, from which MOSS is derived.  To get added to the
   list send a message to "pem-dev-request@tis.com".

12
Q: What about certificates?

A: TIS/MOSS supports the use of X.509 certificates including creation,
   validation, certificate revocation lists, distribution, and
   destruction.  Users may embody their public key in a certificate and
   may participate in the Internet certification hierarchy or some other
   private hierarchy.  TIS/MOSS neither requires nor enforces any
   certification hierarchy policy.

13
Q: What is the Internet Certification hierarchy?

A: The Internet Certification hierarchy is defined by RFC1422.  It is a
   tree structured hierarchy of certificates with a single, global root
   called the Internet PCA Registration Authority (IPRA).  The IPRA
   issues certificates to Policy Certification Authorities (PCAs) who
   issue certificates to Certification Authorities (CAs) who may issue
   certificates to users or subordinate CAs.  Identities are based on
   distinguished names and there are restrictions on their form and
   content.

   For more information on becoming a PCA see the IPRA WWW page at:

	http://bs.mit.edu:8001/ipra.html

   or contact the IPRA at:

	ipra-info@isoc.org

   For more information on becoming a CA under the TIS PCA contact:

	tispca-info@tis.com

14
Q: What if I have questions about or problems with TIS/MOSS?

A: Send them to "tismoss-support@tis.com".

------- =_aaaaaaaaaa0
Content-Type: multipart/signed; protocol="application/moss-signature";
	micalg="md5"; boundary="----- =_aaaaaaaaaa1"

------- =_aaaaaaaaaa1
Content-Type: text/plain; charset="us-ascii"
Content-ID: <2977.811023088.5@tis.com>

Trusted Information Systems, Inc. (TIS), in cooperation with RSA Data
Security, Inc. (RSADSI), is pleased to provide TIS/MOSS, a reference
implementation of MIME Object Security Services (MOSS).  TIS/MOSS is a
security toolkit that provides digital signature and encryption services
for MIME objects.  TIS/MOSS includes the "glue" necessary for
integration with Version 6.8.3 of the Rand MH Message Handling System,
in addition to generic Bourne shell scripts that make it possible to use
it with email user agents supporting UNIX shell escapes.

In order to foster acceptance of MOSS and provide the community with a
usable, working version of this technology, TIS/MOSS is being made
available for broad use on the following basis.

TIS/MOSS is distributed in source code form, with all modules written in
the C programming language.  It runs on many UNIX derived platforms.  It
includes a DOS compilation directive that facilitates its port to
DOS/WINDOWS.

TIS/MOSS requires RSAREF, a cryptographic toolkit distributed by RSADSI.
TIS/MOSS makes use of undocumented features of RSAREF.  RSADSI has given
permission for users of TIS/MOSS to use these features, subject to the
terms and conditions of both the TIS/MOSS and RSAREF licenses, as
distributed with each software package.

TIS/MOSS is a product of Trusted Information Systems, Inc.  It may be
used by organizations and users for exchanging MOSS email messages,
subject to the terms and conditions of its license.  Enclosed below is
the MOSS Frequently Asked Questions, which includes instructions on how
to retrieve the software.

TIS/MOSS is export controlled by the U.S. Government.  As a result it is
only available to U.S. and Canadian sites and individuals.  Please see
the FAQ for more information.

------- =_aaaaaaaaaa1
Content-Type: application/moss-signature
Content-ID: <2977.811023088.4@tis.com>
Content-Transfer-Encoding: quoted-printable

Version: 5
Originator-ID: PK,MHkwCgYEVQgBAQICAwADawAwaAJhAMAHQ45ywA357G4fqQ61aoC1fO6B=
ekJmG4475mJkwGIUxvDkwuxe/EFdPkXDGBxzdGrW1iuh5K8kl8KRGJ9wh1HU4TrghGdhn0Lw8g=
G67Dmb5cBhY9DGwq0CDnrpKZV3cQIDAQAB,EN,2,galvin@tis.com
MIC-Info: RSA-MD5,RSA,jZjz1ope/QCf2IwPfkXfB+0bNJsFqJny+xVqjyFaW6QAY0Oy4dru=
PxTgYleEFG2qQBP6rbNiucG7g254ClV6hUMG6ksd+qFioFvxqsJ15WylN7Addo/QCzknzhRo45=
6l

------- =_aaaaaaaaaa1--

------- =_aaaaaaaaaa0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <2977.811023088.6@tis.com>
Content-Description: TIS/MOSS FAQ


		  TIS/MOSS Frequently Asked Questions
			 Last Updated July 1995
	 Send questions and comments to tismoss-support@tis.com

Questions answered:

   1) What is MIME Object Security Services (MOSS)?
   2) What is MIME?
   3) How does MOSS compare to PGP and PEM?
   4) Where is the MOSS standard defined?
   5) Are there implementations of MOSS available?
   6) How do I get TIS/MOSS?
   7) Why is TIS/MOSS only available in the US and Canada?
   8) Are special privileges (e.g., root access) required to install
      TIS/MOSS?
   9) What about integrating TIS/MOSS into email user agents?
  10) What about DOS and other non-UNIX platforms?
  11) Is there a forum for MOSS users and developers?
  12) What about certificates?
  13) What is the Internet Certification hierarchy?
  14) What if I have questions or problems with TIS/MOSS?

 * means that this entry has been recently updated.
 + means that this entry has been added recently.


1
Q: What is MIME Object Security Services (MOSS)?

A: MOSS is a Privacy Enhanced Mail (PEM) derivative that is a Proposed
   Internet Standard for adding security services to Multi-purpose
   Internet Mail Extensions (MIME).  It uses the cryptographic
   techniques of digital signature and encryption to provide origin
   authentication, integrity, and confidentiality to MIME objects.
   Users of MOSS can know who originated a message, that the message
   has not been changed enroute, and that the message was kept secret
   from everyone except the intended recipients.

   MOSS depends on the existence of public/private key pairs to support
   its security services.  Users must exchange public keys with those
   other users with whom they wish to exchange MOSS email.  This may be
   accomplished manually, via mechanisms available in the protocol, via
   X.509 certificates, or any other suitable mechanism.

2
Q: What is MIME?

A: MIME is an Internet Standard (RFC 1521) that defines the format of
   email message bodies to allow multi-part textual and non-textual
   message bodies to be represented and exchanged without loss of
   information.  MIME does for message bodies what RFC822 does for
   message headers.

3
Q: How does MOSS compare to PGP and PEM?

   PGP can provide the same services but since it is not integrated with
   MIME the interpretation of the protected content is necessarily user
   controlled.  Note, however, that MIME can carry a PGP object.

   MOSS is a PEM derivative.  It integrates the security services of PEM
   with MIME, taking advantage of the extensive structuring and
   formatting facilities of MIME, limited versions of which are
   necessarily an integral part of the PEM specifications.

4
Q: Where is the MOSS standard defined?

A: There is a Proposed Standard published as an RFC that specifies MOSS.
   This document may be found in your favorite RFC repository.
   Details on obtaining RFCs via FTP or EMAIL may be obtained by sending
   an EMAIL message to "rfc-info@ISI.EDU" with the message body "help:
   ways_to_get_rfcs".  For example:

        To: rfc-info@ISI.EDU
        Subject: getting rfcs

        help: ways_to_get_rfcs

5
Q: Are there implementations of MOSS available?

A: Yes, Trusted Information Systems (TIS), under ARPA sponsorship, has
   released a reference implementation of MOSS (TIS/MOSS) to the
   Internet community.

   TIS/MOSS is a UNIX-based implementation that is easily integrated
   with email user agents.  The source code is openly available in the
   United States and Canada for non-commercial use.  The current version
   of TIS/MOSS is 7.1.

   Vendors interested in including TIS/MOSS in their products or
   integrating it with their services should contact Trusted Information
   Systems about licensing Trusted Mail (tm) by sending email to
   tismoss-support@tis.com.

6
Q: How do I get TIS/MOSS?

A: TIS/MOSS is available via anonymous ftp in the United States and
   Canada to US and Canadian citizens and people with a US "green
   card."  To retrieve TIS/MOSS please FTP to

     host:   ftp.tis.com
     login:  anonymous

   and retrieve the files

     pub/MOSS/README
     pub/MOSS/LICENSE
     pub/MOSS/BUGS

   The README file contains further instructions.  

7
Q: Why is TIS/MOSS only available in the US and Canada?

A: The export from the United States of the cryptography used in
   TIS/MOSS is controlled by the United States government.

8
Q: Are special privileges (e.g., root access) required to install TIS/MOSS?

A: No.

9
Q: What about integrating TIS/MOSS into email user agents?

A: TIS/MOSS includes "glue", in the form of shell scripts, to integrate
   it with the Rand MH Message Handling System version 6.8.3.  It also
   includes generic scripts that make the services accessible to any
   UNIX application that supports shell escapes.  If you integrate
   TIS/MOSS with a popular email user agent, we would be happy to make
   it available to others.

10
Q: What about DOS and other non-UNIX platforms?

A: TIS/MOSS has been ported to DOS and includes a DOS compiler option
   that may be set to facilitate its installation in DOS environments.
   It has also been ported to Macintosh although it does not yet include
   a MAC compiler option.  If you port TIS/MOSS to other platforms, we
   would be happy to make the changes available to others.

11
Q: Is there a forum for MOSS users and developers?

A: Yes, there is an email list for users of TIS/MOSS called
   "tismoss-users@tis.com".  To get added to the list send a message to
   "tismoss-users-request@tis.com".

   There is an email list for implementors and discussions of the MOSS
   specifications called "pem-dev@tis.com".  This list originated with
   the PEM protocol, from which MOSS is derived.  To get added to the
   list send a message to "pem-dev-request@tis.com".

12
Q: What about certificates?

A: TIS/MOSS supports the use of X.509 certificates including creation,
   validation, certificate revocation lists, distribution, and
   destruction.  Users may embody their public key in a certificate and
   may participate in the Internet certification hierarchy or some other
   private hierarchy.  TIS/MOSS neither requires nor enforces any
   certification hierarchy policy.

13
Q: What is the Internet Certification hierarchy?

A: The Internet Certification hierarchy is defined by RFC1422.  It is a
   tree structured hierarchy of certificates with a single, global root
   called the Internet PCA Registration Authority (IPRA).  The IPRA
   issues certificates to Policy Certification Authorities (PCAs) who
   issue certificates to Certification Authorities (CAs) who may issue
   certificates to users or subordinate CAs.  Identities are based on
   distinguished names and there are restrictions on their form and
   content.

   For more information on becoming a PCA see the IPRA WWW page at:

	http://bs.mit.edu:8001/ipra.html

   or contact the IPRA at:

	ipra-info@isoc.org

   For more information on becoming a CA under the TIS PCA contact:

	tispca-info@tis.com

14
Q: What if I have questions about or problems with TIS/MOSS?

A: Send them to "tismoss-support@tis.com".

------- =_aaaaaaaaaa0--






Thread