Forwarded from the PEM-DEV mailing list. Message-Id: <9212301932.AA07388@TIS.COM> From: James M Galvin <pem-info@TIS.COM> To: pem-dev@TIS.COM Cc: rsaref-users@rsa.com Subject: Initial Release of Privacy Enhanced Mail Date: Wed, 30 Dec 92 14:32:08 -0500 -----BEGIN PRIVACY-ENHANCED MESSAGE----- Proc-Type: 4,MIC-CLEAR Content-Domain: RFC822 Originator-ID-Asymmetric: MEYxCzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUcnV zdGVkIEluZm9ybWF0aW9uIFN5c3RlbXMxETAPBgNVBAsTCEdsZW53b29k,02 MIC-Info: RSA-MD5,RSA,mHp3q4Av7Axil1BTXaaii+9NIdfm7doy00d/aw6TYEj y/eCt6CLpjbJzXHZt0kavc9ygC0eRNxOmAHiXmFC0Qg== Trusted Information Systems Incorporated (TIS), under DARPA sponsorship, in cooperation with RSA Data Security Incorporated (RSADSI), is preparing to release a reference implementation of Privacy Enhanced Mail (TIS/PEM) to the Internet community. TIS/PEM is a UNIX-based implementation that has been integrated with Rand MH 6.7.2 and is easily integrated into other mail user agents. TIS/PEM will be distributed in source form with RSADSI BSAFE object code. It will be widely available within the United States and Canada for non-commercial use (not for resale) with the stipulation that users join the Internet certification hierarchy. You are invited to participate in the testing of the initial release of TIS/PEM. Organizations and individuals must meet the following criteria to be accepted as a tester of the initial release of TIS/PEM. 1. You must be a United States or Canadian organization, or a United States or Canadian citizen residing in the United States or Canada. 2. You must have available the computing resources necessary to run the software and either be responsible for the administration of the resources or be able to delegate the responsibility. 3. You must have FTP access in order to be able to retrieve the software. With this release of TIS/PEM and an Internet certificate, you will be able to send and receive authenticated and confidential electronic mail messages, subject to the constraints of your local security policy. Attached is a field test agreement form. Please review it. If you agree to the terms and wish to participate, reply to this message and we will provide an ftp account for you to retrieve the file. The main features of this agreement are the following: o This test period will last a few months, probably until the end of March. When the test period is complete, we will release this code for general Internet distribution. o There is no charge for the use of this code, but it may only be used by you or within your own organization within the United States or Canada. It may not be given to others outside your organization or sold. (If you have a multinational organization, contact us for further discussion.) o When the system is released for regular use, users must obtain certificates through the regular certificate issuing channels and pay whatever fees are required. During the test period, there is no charge for certificates. When a regular certificate issuing mechanism is in place you will be informed. o We intend for this version of the code to be usable for real traffic. Although new versions of the software will be issued, the messages and certificates generated by this system and the databases maintained by this system should be compatible with future distributions. o We will undoubtedly issue changes, updates, bug fixes, etc. during this period. When we issue updates or new releases, you are obligated to install these changes. o You are free to drop out at any time. Thank you very much for your time. TIS/PEM Beta Test Site Agreement Trusted Information Systems (TIS) in cooperation with RSA Data Security Incorporated (RSADSI) is preparing to release TIS/PEM, a reference implementation of Privacy Enhanced Mail, to the Internet community. The purpose of beta testing is to evaluate TIS/PEM according to the criteria specified below. This agreement protects the interests of the beta testers, TIS, and RSADSI during the beta test period. By accepting a distribution of TIS/PEM during the beta test period, a beta test site agrees to the following: 1. You will acquire no ownership interest in any software, documentation, or other pieces of TIS/PEM as a result of their being distributed to you by Trusted Information Systems during the beta test period. Except as necessary to install and operate the software throughout your organization within the United States, TIS/PEM may not be distributed to others. (If you have a multinational organization, contact us for further discussion.) 2. TIS/PEM is to be used only with certificates issued under a Certification Authority which is itself registered under a permanent or temporary Policy Certification Authority (PCA). TIS is operating a PCA and will supply PCA services without charge during the beta test period. 3. At the conclusion of the beta test period, the beta test site may keep the software and continue to use it provided the site registers with a PCA and pays the appropriate fees. 4. Evaluations, comments, and suggestions about TIS/PEM should be communicated to Trusted Information Systems and may be communicated to other beta testers. 5. A technically competent systems administrator and programmer, someone capable of installing a software system comprising more than 50,000 lines of C source code, is expected to be assigned responsibility for TIS/PEM. All technical communication with a beta test site will be coordinated with this technical point of contact. 6. Upgrades will be installed and evaluated according to the criteria specified below in a timely fashion. Obsolete versions of the system must be taken out of service as quickly as possible. 7. If the site elects to drop out of beta testing, all software, documentation, and other pieces of TIS/PEM as may be distributed during the beta test period must be returned to Trusted Information Systems. During the beta test period, TIS agrees to the following: 1. One copy of all software, documentation, and other pieces of TIS/PEM as may be necessary to its correct and proper operation will be supplied to each beta test site for use during the beta test period. 2. Evaluations, comments, suggestions, bug fixes, and improvements of TIS/PEM will be acknowledged and incorporated into TIS/PEM according to an internal TIS review process. 3. During normal business hours, telephone and electronic mail technical support will be provided to the technical point of contact at each beta test site assigned responsibility for TIS/PEM. 4. One copy of upgrades to TIS/PEM incorporating evaluations, comments, suggestions, bug fixes, and improvements will be supplied to each beta test sites for use during the beta test period. 5. Beta test sites will be informed of the completion of beta testing and may be asked to return all software, documentation, and other pieces of TIS/PEM as may have been distributed during the beta test period. TIS/PEM Evaluation Criteria Beta test sites are requested to evaluation TIS/PEM according to the following criteria. The results of the evaluation must be returned to TIS in order for changes to be incorporated in the next release of TIS/PEM. There are 5 areas of particular interest, but any and all comments are hereby solicited. Beta test sites are asked to evaluate how well we achieve the objectives stated for each area. 1. Installability TIS/PEM is expected to operate on most BSD and SYS5 derived UNIXs. With respect to installability we want to achieve the following objectives: a. TIS/PEM should install smoothly on as many different "flavors" of UNIX as possible. b. TIS/PEM should install smoothly on as many different hardware platforms as possible. c. The installation process should be as simple as possible, but not simpler. Beta test sites are encouraged to port TIS/PEM to as many different software and hardware environments as possible. If possible, enhancements to get TIS/PEM to install smoothly on other versions of UNIX that are returned to TIS will be incorporated into a future distribution of TIS/PEM. 2. Usability TIS/PEM is provided with a command line oriented interface. In particular, it is integrated with the Rand MH Message Handling user agent. This interface was chosen because of the ease with which TIS/PEM could be integrated and because it is in the public domain. For each site, a certificate administrator must be designated who will be responsible for the administration of TIS/PEM. In particular, there is some site specific initialization to be completed. In addition, there is some initialization required to be executed by every user before they can make use of the TIS/PEM enhancements to MH. Depending on local conventions, users may be required to request the initialization of their certificate administrator or they may be able to execute the initialization individually. With respect to usability we want to achieve the following objectives: a. For users familiar with MH, the integration of TIS/PEM and MH should appear to be a natural extension of the MH model. b. The initialization process should be as simple as possible. Users will need to be familiar with MH or be prepared to learn about it. The MH source tree includes a tutorial of the minimal set of commands. In the future it is expected that others will contribute additional user interface software. Beta test sites are encouraged to enhance local user interfaces to include TIS/PEM. If possible, these enhancements will be included in future distributions of TIS/PEM. 3. Performance The performance of TIS/PEM is dominated by the processing time for certificates and cryptography. We have attempted to minimize the impact of these factors but we encourage beta test sites to investigate the operation of the system and identify bottlenecks for which they have suggestions for improvement. With respect to performance we want to achieve the following objective: o The design and model of TIS/PEM, and its integration with various applications, should be such that it will perform as well as it can. Obviously, performance is a subjective criteria. Different architectures will influence performance as much as the overall design of the system. Beta test sites are encouraged to empirically observe the performance of TIS/PEM under various operating conditions and report those results. 4. Interoperability With respect to interoperability we want to achieve the following objectives: a. TIS/PEM should interoperate with other implementations of PEM. b. Future versions of TIS/PEM should be backward compatible with previous versions. 5. Documentation On-line manual pages are provided for all TIS/PEM programs and those programs we have changed as a result of our integration with MH. In addition, we will provide an installation manual, an administrator's manual, and a user's manual. With respect to documentation we want to achieve the following objectives o All documentation should completely and accurately describe TIS/PEM. o All documentation should be easy to understand and easy to use. Beta test sites are encouraged to thoroughly review all documentation and provide feedback to be incorporated in future versions. -----END PRIVACY-ENHANCED MESSAGE-----