From: gnu (John Gilmore)
Date: Fri, 1 Jan 93 23:17:23 PST
To: cypherpunks@toad.com
Subject: Initial Release of Privacy Enhanced Mail
Message-ID: <9301020717.AA16145@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Forwarded from the PEM-DEV mailing list.

Message-Id: <9212301932.AA07388@TIS.COM>
From: James M Galvin <pem-info@TIS.COM>
To: pem-dev@TIS.COM
Cc: rsaref-users@rsa.com
Subject: Initial Release of Privacy Enhanced Mail
Date: Wed, 30 Dec 92 14:32:08 -0500

-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Proc-Type: 4,MIC-CLEAR
Content-Domain: RFC822
Originator-ID-Asymmetric: MEYxCzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUcnV
 zdGVkIEluZm9ybWF0aW9uIFN5c3RlbXMxETAPBgNVBAsTCEdsZW53b29k,02
MIC-Info: RSA-MD5,RSA,mHp3q4Av7Axil1BTXaaii+9NIdfm7doy00d/aw6TYEj
 y/eCt6CLpjbJzXHZt0kavc9ygC0eRNxOmAHiXmFC0Qg==

Trusted Information Systems Incorporated (TIS), under DARPA sponsorship,
in cooperation with RSA Data Security Incorporated (RSADSI), is
preparing to release a reference implementation of Privacy Enhanced Mail
(TIS/PEM) to the Internet community.  TIS/PEM is a UNIX-based
implementation that has been integrated with Rand MH 6.7.2 and is easily
integrated into other mail user agents.  TIS/PEM will be distributed in
source form with RSADSI BSAFE object code.  It will be widely available
within the United States and Canada for non-commercial use (not for
resale) with the stipulation that users join the Internet certification
hierarchy.

You are invited to participate in the testing of the initial release of
TIS/PEM.  Organizations and individuals must meet the following criteria
to be accepted as a tester of the initial release of TIS/PEM.

1. You must be a United States or Canadian organization, or a United
   States or Canadian citizen residing in the United States or Canada.

2. You must have available the computing resources necessary to run the
   software and either be responsible for the administration of the
   resources or be able to delegate the responsibility.

3. You must have FTP access in order to be able to retrieve the
   software.

With this release of TIS/PEM and an Internet certificate, you will be
able to send and receive authenticated and confidential electronic mail
messages, subject to the constraints of your local security policy.

Attached is a field test agreement form.  Please review it.  If you
agree to the terms and wish to participate, reply to this message and we
will provide an ftp account for you to retrieve the file.

The main features of this agreement are the following:

o This test period will last a few months, probably until the end of
  March.  When the test period is complete, we will release this code
  for general Internet distribution.

o There is no charge for the use of this code, but it may only be used
  by you or within your own organization within the United States or
  Canada.  It may not be given to others outside your organization or
  sold.  (If you have a multinational organization, contact us for
  further discussion.)

o When the system is released for regular use, users must obtain
  certificates through the regular certificate issuing channels and
  pay whatever fees are required.  During the test period, there is no
  charge for certificates.  When a regular certificate issuing mechanism
  is in place you will be informed.

o We intend for this version of the code to be usable for real traffic.
  Although new versions of the software will be issued, the messages and
  certificates generated by this system and the databases maintained by
  this system should be compatible with future distributions.

o We will undoubtedly issue changes, updates, bug fixes, etc. during
  this period.  When we issue updates or new releases, you are obligated
  to install these changes.

o You are free to drop out at any time.

Thank you very much for your time.



		    TIS/PEM Beta Test Site Agreement


Trusted Information Systems (TIS) in cooperation with RSA Data Security
Incorporated (RSADSI) is preparing to release TIS/PEM, a reference
implementation of Privacy Enhanced Mail, to the Internet community.

The purpose of beta testing is to evaluate TIS/PEM according to the
criteria specified below.  This agreement protects the interests of the
beta testers, TIS, and RSADSI during the beta test period.

By accepting a distribution of TIS/PEM during the beta test period, a
beta test site agrees to the following:

1. You will acquire no ownership interest in any software,
   documentation, or other pieces of TIS/PEM as a result of their being
   distributed to you by Trusted Information Systems during the beta
   test period.  Except as necessary to install and operate the software
   throughout your organization within the United States, TIS/PEM may
   not be distributed to others.  (If you have a multinational
   organization, contact us for further discussion.)

2. TIS/PEM is to be used only with certificates issued under a
   Certification Authority which is itself registered under a permanent
   or temporary Policy Certification Authority (PCA).  TIS is operating
   a PCA and will supply PCA services without charge during the beta
   test period.

3. At the conclusion of the beta test period, the beta test site may
   keep the software and continue to use it provided the site registers
   with a PCA and pays the appropriate fees.

4. Evaluations, comments, and suggestions about TIS/PEM should be
   communicated to Trusted Information Systems and may be communicated
   to other beta testers.

5. A technically competent systems administrator and programmer, someone
   capable of installing a software system comprising more than 50,000
   lines of C source code, is expected to be assigned responsibility for
   TIS/PEM.  All technical communication with a beta test site will be
   coordinated with this technical point of contact.

6. Upgrades will be installed and evaluated according to the criteria
   specified below in a timely fashion.  Obsolete versions of the system
   must be taken out of service as quickly as possible.

7. If the site elects to drop out of beta testing, all software,
   documentation, and other pieces of TIS/PEM as may be distributed
   during the beta test period must be returned to Trusted Information
   Systems.


During the beta test period, TIS agrees to the following:

1. One copy of all software, documentation, and other pieces of TIS/PEM
   as may be necessary to its correct and proper operation will be
   supplied to each beta test site for use during the beta test period.

2. Evaluations, comments, suggestions, bug fixes, and improvements of
   TIS/PEM will be acknowledged and incorporated into TIS/PEM according
   to an internal TIS review process.

3. During normal business hours, telephone and electronic mail technical
   support will be provided to the technical point of contact at each
   beta test site assigned responsibility for TIS/PEM.

4. One copy of upgrades to TIS/PEM incorporating evaluations, comments,
   suggestions, bug fixes, and improvements will be supplied to each
   beta test sites for use during the beta test period.

5. Beta test sites will be informed of the completion of beta testing
   and may be asked to return all software, documentation, and other
   pieces of TIS/PEM as may have been distributed during the beta test
   period.


		      TIS/PEM Evaluation Criteria

Beta test sites are requested to evaluation TIS/PEM according to the
following criteria.  The results of the evaluation must be returned to
TIS in order for changes to be incorporated in the next release of
TIS/PEM.  There are 5 areas of particular interest, but any and all
comments are hereby solicited.  Beta test sites are asked to evaluate
how well we achieve the objectives stated for each area.

1. Installability

   TIS/PEM is expected to operate on most BSD and SYS5 derived UNIXs.
   With respect to installability we want to achieve the following
   objectives:

   a. TIS/PEM should install smoothly on as many different "flavors" of
      UNIX as possible.

   b. TIS/PEM should install smoothly on as many different hardware
      platforms as possible.

   c. The installation process should be as simple as possible, but not
      simpler.

   Beta test sites are encouraged to port TIS/PEM to as many different
   software and hardware environments as possible.  If possible,
   enhancements to get TIS/PEM to install smoothly on other versions of
   UNIX that are returned to TIS will be incorporated into a future
   distribution of TIS/PEM.

2. Usability

   TIS/PEM is provided with a command line oriented interface.  In
   particular, it is integrated with the Rand MH Message Handling user
   agent.  This interface was chosen because of the ease with which
   TIS/PEM could be integrated and because it is in the public domain.

   For each site, a certificate administrator must be designated who
   will be responsible for the administration of TIS/PEM.  In
   particular, there is some site specific initialization to be
   completed.

   In addition, there is some initialization required to be executed by
   every user before they can make use of the TIS/PEM enhancements to
   MH.  Depending on local conventions, users may be required to request
   the initialization of their certificate administrator or they may be
   able to execute the initialization individually.

   With respect to usability we want to achieve the following
   objectives:

   a. For users familiar with MH, the integration of TIS/PEM and MH
      should appear to be a natural extension of the MH model.

   b. The initialization process should be as simple as possible.


   Users will need to be familiar with MH or be prepared to learn about
   it.  The MH source tree includes a tutorial of the minimal set of
   commands.

   In the future it is expected that others will contribute additional
   user interface software.  Beta test sites are encouraged to enhance
   local user interfaces to include TIS/PEM.  If possible, these
   enhancements will be included in future distributions of TIS/PEM.

3. Performance

   The performance of TIS/PEM is dominated by the processing time for
   certificates and cryptography.  We have attempted to minimize the
   impact of these factors but we encourage beta test sites to
   investigate the operation of the system and identify bottlenecks for
   which they have suggestions for improvement.

   With respect to performance we want to achieve the following
   objective:

   o The design and model of TIS/PEM, and its integration with various
     applications, should be such that it will perform as well as it
     can.

   Obviously, performance is a subjective criteria.  Different
   architectures will influence performance as much as the overall
   design of the system.  Beta test sites are encouraged to empirically
   observe the performance of TIS/PEM under various operating conditions
   and report those results.

4. Interoperability

   With respect to interoperability we want to achieve the following
   objectives:

   a. TIS/PEM should interoperate with other implementations of PEM.

   b. Future versions of TIS/PEM should be backward compatible with
      previous versions.

5. Documentation

   On-line manual pages are provided for all TIS/PEM programs and those
   programs we have changed as a result of our integration with MH.  In
   addition, we will provide an installation manual, an administrator's
   manual, and a user's manual.

   With respect to documentation we want to achieve the following
   objectives

   o All documentation should completely and accurately describe
     TIS/PEM.

   o All documentation should be easy to understand and easy to use.

   Beta test sites are encouraged to thoroughly review all documentation
   and provide feedback to be incorporated in future versions.
-----END PRIVACY-ENHANCED MESSAGE-----