From: Rich Salz <rsalz@osf.org>
To: cypherpunks@toad.com
Message Hash: 8a41e807f3b7e6cc6a4a3b44436a35c2f1eb16f0ec21c5be9c117ec8d48115fd
Message ID: <9509132335.AA05053@sulphur.osf.org>
Reply To: N/A
UTC Datetime: 1995-09-13 23:36:28 UTC
Raw Date: Wed, 13 Sep 95 16:36:28 PDT
From: Rich Salz <rsalz@osf.org>
Date: Wed, 13 Sep 95 16:36:28 PDT
To: cypherpunks@toad.com
Subject: MOSS [IETF privacy-enhanced mail, modified for MIME] now available
Message-ID: <9509132335.AA05053@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain
>From pem-dev-request@neptune.tis.com Wed Sep 13 19:27:35 1995
Message-Id: <9509132011.AA19261@tis.com>
Reply-To: James M Galvin <tismoss-support@TIS.COM>
To: "MOSS.Announce.List":;, tis.com@TIS.COM
Subject: ANNOUNCE: TIS/MOSS Version 7.1
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="----- =_aaaaaaaaaa0"
Content-Id: <2977.811023088.1@tis.com>
Date: Wed, 13 Sep 1995 16:11:35 -0400
------- =_aaaaaaaaaa0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <2977.811023088.2@tis.com>
Trusted Information Systems, Inc. (TIS), in cooperation with RSA Data
Security, Inc. (RSADSI), is pleased to provide TIS/MOSS, a reference
implementation of MIME Object Security Services (MOSS). TIS/MOSS is a
security toolkit that provides digital signature and encryption services
for MIME objects. TIS/MOSS includes the "glue" necessary for
integration with Version 6.8.3 of the Rand MH Message Handling System,
in addition to generic Bourne shell scripts that make it possible to use
it with email user agents supporting UNIX shell escapes.
In order to foster acceptance of MOSS and provide the community with a
usable, working version of this technology, TIS/MOSS is being made
available for broad use on the following basis.
TIS/MOSS is distributed in source code form, with all modules written in
the C programming language. It runs on many UNIX derived platforms. It
includes a DOS compilation directive that facilitates its port to
DOS/WINDOWS.
TIS/MOSS requires RSAREF, a cryptographic toolkit distributed by RSADSI.
TIS/MOSS makes use of undocumented features of RSAREF. RSADSI has given
permission for users of TIS/MOSS to use these features, subject to the
terms and conditions of both the TIS/MOSS and RSAREF licenses, as
distributed with each software package.
TIS/MOSS is a product of Trusted Information Systems, Inc. It may be
used by organizations and users for exchanging MOSS email messages,
subject to the terms and conditions of its license. Enclosed below is
the MOSS Frequently Asked Questions, which includes instructions on how
to retrieve the software.
TIS/MOSS is export controlled by the U.S. Government. As a result it is
only available to U.S. and Canadian sites and individuals. Please see
the FAQ for more information.
------- =_aaaaaaaaaa0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <2977.811023088.3@tis.com>
Content-Description: TIS/MOSS FAQ
TIS/MOSS Frequently Asked Questions
Last Updated July 1995
Send questions and comments to tismoss-support@tis.com
Questions answered:
1) What is MIME Object Security Services (MOSS)?
2) What is MIME?
3) How does MOSS compare to PGP and PEM?
4) Where is the MOSS standard defined?
5) Are there implementations of MOSS available?
6) How do I get TIS/MOSS?
7) Why is TIS/MOSS only available in the US and Canada?
8) Are special privileges (e.g., root access) required to install
TIS/MOSS?
9) What about integrating TIS/MOSS into email user agents?
10) What about DOS and other non-UNIX platforms?
11) Is there a forum for MOSS users and developers?
12) What about certificates?
13) What is the Internet Certification hierarchy?
14) What if I have questions or problems with TIS/MOSS?
* means that this entry has been recently updated.
+ means that this entry has been added recently.
1
Q: What is MIME Object Security Services (MOSS)?
A: MOSS is a Privacy Enhanced Mail (PEM) derivative that is a Proposed
Internet Standard for adding security services to Multi-purpose
Internet Mail Extensions (MIME). It uses the cryptographic
techniques of digital signature and encryption to provide origin
authentication, integrity, and confidentiality to MIME objects.
Users of MOSS can know who originated a message, that the message
has not been changed enroute, and that the message was kept secret
from everyone except the intended recipients.
MOSS depends on the existence of public/private key pairs to support
its security services. Users must exchange public keys with those
other users with whom they wish to exchange MOSS email. This may be
accomplished manually, via mechanisms available in the protocol, via
X.509 certificates, or any other suitable mechanism.
2
Q: What is MIME?
A: MIME is an Internet Standard (RFC 1521) that defines the format of
email message bodies to allow multi-part textual and non-textual
message bodies to be represented and exchanged without loss of
information. MIME does for message bodies what RFC822 does for
message headers.
3
Q: How does MOSS compare to PGP and PEM?
PGP can provide the same services but since it is not integrated with
MIME the interpretation of the protected content is necessarily user
controlled. Note, however, that MIME can carry a PGP object.
MOSS is a PEM derivative. It integrates the security services of PEM
with MIME, taking advantage of the extensive structuring and
formatting facilities of MIME, limited versions of which are
necessarily an integral part of the PEM specifications.
4
Q: Where is the MOSS standard defined?
A: There is a Proposed Standard published as an RFC that specifies MOSS.
This document may be found in your favorite RFC repository.
Details on obtaining RFCs via FTP or EMAIL may be obtained by sending
an EMAIL message to "rfc-info@ISI.EDU" with the message body "help:
ways_to_get_rfcs". For example:
To: rfc-info@ISI.EDU
Subject: getting rfcs
help: ways_to_get_rfcs
5
Q: Are there implementations of MOSS available?
A: Yes, Trusted Information Systems (TIS), under ARPA sponsorship, has
released a reference implementation of MOSS (TIS/MOSS) to the
Internet community.
TIS/MOSS is a UNIX-based implementation that is easily integrated
with email user agents. The source code is openly available in the
United States and Canada for non-commercial use. The current version
of TIS/MOSS is 7.1.
Vendors interested in including TIS/MOSS in their products or
integrating it with their services should contact Trusted Information
Systems about licensing Trusted Mail (tm) by sending email to
tismoss-support@tis.com.
6
Q: How do I get TIS/MOSS?
A: TIS/MOSS is available via anonymous ftp in the United States and
Canada to US and Canadian citizens and people with a US "green
card." To retrieve TIS/MOSS please FTP to
host: ftp.tis.com
login: anonymous
and retrieve the files
pub/MOSS/README
pub/MOSS/LICENSE
pub/MOSS/BUGS
The README file contains further instructions.
7
Q: Why is TIS/MOSS only available in the US and Canada?
A: The export from the United States of the cryptography used in
TIS/MOSS is controlled by the United States government.
8
Q: Are special privileges (e.g., root access) required to install TIS/MOSS?
A: No.
9
Q: What about integrating TIS/MOSS into email user agents?
A: TIS/MOSS includes "glue", in the form of shell scripts, to integrate
it with the Rand MH Message Handling System version 6.8.3. It also
includes generic scripts that make the services accessible to any
UNIX application that supports shell escapes. If you integrate
TIS/MOSS with a popular email user agent, we would be happy to make
it available to others.
10
Q: What about DOS and other non-UNIX platforms?
A: TIS/MOSS has been ported to DOS and includes a DOS compiler option
that may be set to facilitate its installation in DOS environments.
It has also been ported to Macintosh although it does not yet include
a MAC compiler option. If you port TIS/MOSS to other platforms, we
would be happy to make the changes available to others.
11
Q: Is there a forum for MOSS users and developers?
A: Yes, there is an email list for users of TIS/MOSS called
"tismoss-users@tis.com". To get added to the list send a message to
"tismoss-users-request@tis.com".
There is an email list for implementors and discussions of the MOSS
specifications called "pem-dev@tis.com". This list originated with
the PEM protocol, from which MOSS is derived. To get added to the
list send a message to "pem-dev-request@tis.com".
12
Q: What about certificates?
A: TIS/MOSS supports the use of X.509 certificates including creation,
validation, certificate revocation lists, distribution, and
destruction. Users may embody their public key in a certificate and
may participate in the Internet certification hierarchy or some other
private hierarchy. TIS/MOSS neither requires nor enforces any
certification hierarchy policy.
13
Q: What is the Internet Certification hierarchy?
A: The Internet Certification hierarchy is defined by RFC1422. It is a
tree structured hierarchy of certificates with a single, global root
called the Internet PCA Registration Authority (IPRA). The IPRA
issues certificates to Policy Certification Authorities (PCAs) who
issue certificates to Certification Authorities (CAs) who may issue
certificates to users or subordinate CAs. Identities are based on
distinguished names and there are restrictions on their form and
content.
For more information on becoming a PCA see the IPRA WWW page at:
http://bs.mit.edu:8001/ipra.html
or contact the IPRA at:
ipra-info@isoc.org
For more information on becoming a CA under the TIS PCA contact:
tispca-info@tis.com
14
Q: What if I have questions about or problems with TIS/MOSS?
A: Send them to "tismoss-support@tis.com".
------- =_aaaaaaaaaa0
Content-Type: multipart/signed; protocol="application/moss-signature";
micalg="md5"; boundary="----- =_aaaaaaaaaa1"
------- =_aaaaaaaaaa1
Content-Type: text/plain; charset="us-ascii"
Content-ID: <2977.811023088.5@tis.com>
Trusted Information Systems, Inc. (TIS), in cooperation with RSA Data
Security, Inc. (RSADSI), is pleased to provide TIS/MOSS, a reference
implementation of MIME Object Security Services (MOSS). TIS/MOSS is a
security toolkit that provides digital signature and encryption services
for MIME objects. TIS/MOSS includes the "glue" necessary for
integration with Version 6.8.3 of the Rand MH Message Handling System,
in addition to generic Bourne shell scripts that make it possible to use
it with email user agents supporting UNIX shell escapes.
In order to foster acceptance of MOSS and provide the community with a
usable, working version of this technology, TIS/MOSS is being made
available for broad use on the following basis.
TIS/MOSS is distributed in source code form, with all modules written in
the C programming language. It runs on many UNIX derived platforms. It
includes a DOS compilation directive that facilitates its port to
DOS/WINDOWS.
TIS/MOSS requires RSAREF, a cryptographic toolkit distributed by RSADSI.
TIS/MOSS makes use of undocumented features of RSAREF. RSADSI has given
permission for users of TIS/MOSS to use these features, subject to the
terms and conditions of both the TIS/MOSS and RSAREF licenses, as
distributed with each software package.
TIS/MOSS is a product of Trusted Information Systems, Inc. It may be
used by organizations and users for exchanging MOSS email messages,
subject to the terms and conditions of its license. Enclosed below is
the MOSS Frequently Asked Questions, which includes instructions on how
to retrieve the software.
TIS/MOSS is export controlled by the U.S. Government. As a result it is
only available to U.S. and Canadian sites and individuals. Please see
the FAQ for more information.
------- =_aaaaaaaaaa1
Content-Type: application/moss-signature
Content-ID: <2977.811023088.4@tis.com>
Content-Transfer-Encoding: quoted-printable
Version: 5
Originator-ID: PK,MHkwCgYEVQgBAQICAwADawAwaAJhAMAHQ45ywA357G4fqQ61aoC1fO6B=
ekJmG4475mJkwGIUxvDkwuxe/EFdPkXDGBxzdGrW1iuh5K8kl8KRGJ9wh1HU4TrghGdhn0Lw8g=
G67Dmb5cBhY9DGwq0CDnrpKZV3cQIDAQAB,EN,2,galvin@tis.com
MIC-Info: RSA-MD5,RSA,jZjz1ope/QCf2IwPfkXfB+0bNJsFqJny+xVqjyFaW6QAY0Oy4dru=
PxTgYleEFG2qQBP6rbNiucG7g254ClV6hUMG6ksd+qFioFvxqsJ15WylN7Addo/QCzknzhRo45=
6l
------- =_aaaaaaaaaa1--
------- =_aaaaaaaaaa0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <2977.811023088.6@tis.com>
Content-Description: TIS/MOSS FAQ
TIS/MOSS Frequently Asked Questions
Last Updated July 1995
Send questions and comments to tismoss-support@tis.com
Questions answered:
1) What is MIME Object Security Services (MOSS)?
2) What is MIME?
3) How does MOSS compare to PGP and PEM?
4) Where is the MOSS standard defined?
5) Are there implementations of MOSS available?
6) How do I get TIS/MOSS?
7) Why is TIS/MOSS only available in the US and Canada?
8) Are special privileges (e.g., root access) required to install
TIS/MOSS?
9) What about integrating TIS/MOSS into email user agents?
10) What about DOS and other non-UNIX platforms?
11) Is there a forum for MOSS users and developers?
12) What about certificates?
13) What is the Internet Certification hierarchy?
14) What if I have questions or problems with TIS/MOSS?
* means that this entry has been recently updated.
+ means that this entry has been added recently.
1
Q: What is MIME Object Security Services (MOSS)?
A: MOSS is a Privacy Enhanced Mail (PEM) derivative that is a Proposed
Internet Standard for adding security services to Multi-purpose
Internet Mail Extensions (MIME). It uses the cryptographic
techniques of digital signature and encryption to provide origin
authentication, integrity, and confidentiality to MIME objects.
Users of MOSS can know who originated a message, that the message
has not been changed enroute, and that the message was kept secret
from everyone except the intended recipients.
MOSS depends on the existence of public/private key pairs to support
its security services. Users must exchange public keys with those
other users with whom they wish to exchange MOSS email. This may be
accomplished manually, via mechanisms available in the protocol, via
X.509 certificates, or any other suitable mechanism.
2
Q: What is MIME?
A: MIME is an Internet Standard (RFC 1521) that defines the format of
email message bodies to allow multi-part textual and non-textual
message bodies to be represented and exchanged without loss of
information. MIME does for message bodies what RFC822 does for
message headers.
3
Q: How does MOSS compare to PGP and PEM?
PGP can provide the same services but since it is not integrated with
MIME the interpretation of the protected content is necessarily user
controlled. Note, however, that MIME can carry a PGP object.
MOSS is a PEM derivative. It integrates the security services of PEM
with MIME, taking advantage of the extensive structuring and
formatting facilities of MIME, limited versions of which are
necessarily an integral part of the PEM specifications.
4
Q: Where is the MOSS standard defined?
A: There is a Proposed Standard published as an RFC that specifies MOSS.
This document may be found in your favorite RFC repository.
Details on obtaining RFCs via FTP or EMAIL may be obtained by sending
an EMAIL message to "rfc-info@ISI.EDU" with the message body "help:
ways_to_get_rfcs". For example:
To: rfc-info@ISI.EDU
Subject: getting rfcs
help: ways_to_get_rfcs
5
Q: Are there implementations of MOSS available?
A: Yes, Trusted Information Systems (TIS), under ARPA sponsorship, has
released a reference implementation of MOSS (TIS/MOSS) to the
Internet community.
TIS/MOSS is a UNIX-based implementation that is easily integrated
with email user agents. The source code is openly available in the
United States and Canada for non-commercial use. The current version
of TIS/MOSS is 7.1.
Vendors interested in including TIS/MOSS in their products or
integrating it with their services should contact Trusted Information
Systems about licensing Trusted Mail (tm) by sending email to
tismoss-support@tis.com.
6
Q: How do I get TIS/MOSS?
A: TIS/MOSS is available via anonymous ftp in the United States and
Canada to US and Canadian citizens and people with a US "green
card." To retrieve TIS/MOSS please FTP to
host: ftp.tis.com
login: anonymous
and retrieve the files
pub/MOSS/README
pub/MOSS/LICENSE
pub/MOSS/BUGS
The README file contains further instructions.
7
Q: Why is TIS/MOSS only available in the US and Canada?
A: The export from the United States of the cryptography used in
TIS/MOSS is controlled by the United States government.
8
Q: Are special privileges (e.g., root access) required to install TIS/MOSS?
A: No.
9
Q: What about integrating TIS/MOSS into email user agents?
A: TIS/MOSS includes "glue", in the form of shell scripts, to integrate
it with the Rand MH Message Handling System version 6.8.3. It also
includes generic scripts that make the services accessible to any
UNIX application that supports shell escapes. If you integrate
TIS/MOSS with a popular email user agent, we would be happy to make
it available to others.
10
Q: What about DOS and other non-UNIX platforms?
A: TIS/MOSS has been ported to DOS and includes a DOS compiler option
that may be set to facilitate its installation in DOS environments.
It has also been ported to Macintosh although it does not yet include
a MAC compiler option. If you port TIS/MOSS to other platforms, we
would be happy to make the changes available to others.
11
Q: Is there a forum for MOSS users and developers?
A: Yes, there is an email list for users of TIS/MOSS called
"tismoss-users@tis.com". To get added to the list send a message to
"tismoss-users-request@tis.com".
There is an email list for implementors and discussions of the MOSS
specifications called "pem-dev@tis.com". This list originated with
the PEM protocol, from which MOSS is derived. To get added to the
list send a message to "pem-dev-request@tis.com".
12
Q: What about certificates?
A: TIS/MOSS supports the use of X.509 certificates including creation,
validation, certificate revocation lists, distribution, and
destruction. Users may embody their public key in a certificate and
may participate in the Internet certification hierarchy or some other
private hierarchy. TIS/MOSS neither requires nor enforces any
certification hierarchy policy.
13
Q: What is the Internet Certification hierarchy?
A: The Internet Certification hierarchy is defined by RFC1422. It is a
tree structured hierarchy of certificates with a single, global root
called the Internet PCA Registration Authority (IPRA). The IPRA
issues certificates to Policy Certification Authorities (PCAs) who
issue certificates to Certification Authorities (CAs) who may issue
certificates to users or subordinate CAs. Identities are based on
distinguished names and there are restrictions on their form and
content.
For more information on becoming a PCA see the IPRA WWW page at:
http://bs.mit.edu:8001/ipra.html
or contact the IPRA at:
ipra-info@isoc.org
For more information on becoming a CA under the TIS PCA contact:
tispca-info@tis.com
14
Q: What if I have questions about or problems with TIS/MOSS?
A: Send them to "tismoss-support@tis.com".
------- =_aaaaaaaaaa0--
Return to September 1995
Return to “Rich Salz <rsalz@osf.org>”