Forwarded from the PEM-DEV mailing list.
Message-Id: <9212301932.AA07388@TIS.COM>
From: James M Galvin
To: pem-dev@TIS.COM
Cc: rsaref-users@rsa.com
Subject: Initial Release of Privacy Enhanced Mail
Date: Wed, 30 Dec 92 14:32:08 -0500
-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Proc-Type: 4,MIC-CLEAR
Content-Domain: RFC822
Originator-ID-Asymmetric: MEYxCzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUcnV
zdGVkIEluZm9ybWF0aW9uIFN5c3RlbXMxETAPBgNVBAsTCEdsZW53b29k,02
MIC-Info: RSA-MD5,RSA,mHp3q4Av7Axil1BTXaaii+9NIdfm7doy00d/aw6TYEj
y/eCt6CLpjbJzXHZt0kavc9ygC0eRNxOmAHiXmFC0Qg==
Trusted Information Systems Incorporated (TIS), under DARPA sponsorship,
in cooperation with RSA Data Security Incorporated (RSADSI), is
preparing to release a reference implementation of Privacy Enhanced Mail
(TIS/PEM) to the Internet community. TIS/PEM is a UNIX-based
implementation that has been integrated with Rand MH 6.7.2 and is easily
integrated into other mail user agents. TIS/PEM will be distributed in
source form with RSADSI BSAFE object code. It will be widely available
within the United States and Canada for non-commercial use (not for
resale) with the stipulation that users join the Internet certification
hierarchy.
You are invited to participate in the testing of the initial release of
TIS/PEM. Organizations and individuals must meet the following criteria
to be accepted as a tester of the initial release of TIS/PEM.
1. You must be a United States or Canadian organization, or a United
States or Canadian citizen residing in the United States or Canada.
2. You must have available the computing resources necessary to run the
software and either be responsible for the administration of the
resources or be able to delegate the responsibility.
3. You must have FTP access in order to be able to retrieve the
software.
With this release of TIS/PEM and an Internet certificate, you will be
able to send and receive authenticated and confidential electronic mail
messages, subject to the constraints of your local security policy.
Attached is a field test agreement form. Please review it. If you
agree to the terms and wish to participate, reply to this message and we
will provide an ftp account for you to retrieve the file.
The main features of this agreement are the following:
o This test period will last a few months, probably until the end of
March. When the test period is complete, we will release this code
for general Internet distribution.
o There is no charge for the use of this code, but it may only be used
by you or within your own organization within the United States or
Canada. It may not be given to others outside your organization or
sold. (If you have a multinational organization, contact us for
further discussion.)
o When the system is released for regular use, users must obtain
certificates through the regular certificate issuing channels and
pay whatever fees are required. During the test period, there is no
charge for certificates. When a regular certificate issuing mechanism
is in place you will be informed.
o We intend for this version of the code to be usable for real traffic.
Although new versions of the software will be issued, the messages and
certificates generated by this system and the databases maintained by
this system should be compatible with future distributions.
o We will undoubtedly issue changes, updates, bug fixes, etc. during
this period. When we issue updates or new releases, you are obligated
to install these changes.
o You are free to drop out at any time.
Thank you very much for your time.
�
TIS/PEM Beta Test Site Agreement
Trusted Information Systems (TIS) in cooperation with RSA Data Security
Incorporated (RSADSI) is preparing to release TIS/PEM, a reference
implementation of Privacy Enhanced Mail, to the Internet community.
The purpose of beta testing is to evaluate TIS/PEM according to the
criteria specified below. This agreement protects the interests of the
beta testers, TIS, and RSADSI during the beta test period.
By accepting a distribution of TIS/PEM during the beta test period, a
beta test site agrees to the following:
1. You will acquire no ownership interest in any software,
documentation, or other pieces of TIS/PEM as a result of their being
distributed to you by Trusted Information Systems during the beta
test period. Except as necessary to install and operate the software
throughout your organization within the United States, TIS/PEM may
not be distributed to others. (If you have a multinational
organization, contact us for further discussion.)
2. TIS/PEM is to be used only with certificates issued under a
Certification Authority which is itself registered under a permanent
or temporary Policy Certification Authority (PCA). TIS is operating
a PCA and will supply PCA services without charge during the beta
test period.
3. At the conclusion of the beta test period, the beta test site may
keep the software and continue to use it provided the site registers
with a PCA and pays the appropriate fees.
4. Evaluations, comments, and suggestions about TIS/PEM should be
communicated to Trusted Information Systems and may be communicated
to other beta testers.
5. A technically competent systems administrator and programmer, someone
capable of installing a software system comprising more than 50,000
lines of C source code, is expected to be assigned responsibility for
TIS/PEM. All technical communication with a beta test site will be
coordinated with this technical point of contact.
6. Upgrades will be installed and evaluated according to the criteria
specified below in a timely fashion. Obsolete versions of the system
must be taken out of service as quickly as possible.
7. If the site elects to drop out of beta testing, all software,
documentation, and other pieces of TIS/PEM as may be distributed
during the beta test period must be returned to Trusted Information
Systems.
�
During the beta test period, TIS agrees to the following:
1. One copy of all software, documentation, and other pieces of TIS/PEM
as may be necessary to its correct and proper operation will be
supplied to each beta test site for use during the beta test period.
2. Evaluations, comments, suggestions, bug fixes, and improvements of
TIS/PEM will be acknowledged and incorporated into TIS/PEM according
to an internal TIS review process.
3. During normal business hours, telephone and electronic mail technical
support will be provided to the technical point of contact at each
beta test site assigned responsibility for TIS/PEM.
4. One copy of upgrades to TIS/PEM incorporating evaluations, comments,
suggestions, bug fixes, and improvements will be supplied to each
beta test sites for use during the beta test period.
5. Beta test sites will be informed of the completion of beta testing
and may be asked to return all software, documentation, and other
pieces of TIS/PEM as may have been distributed during the beta test
period.
�
TIS/PEM Evaluation Criteria
Beta test sites are requested to evaluation TIS/PEM according to the
following criteria. The results of the evaluation must be returned to
TIS in order for changes to be incorporated in the next release of
TIS/PEM. There are 5 areas of particular interest, but any and all
comments are hereby solicited. Beta test sites are asked to evaluate
how well we achieve the objectives stated for each area.
1. Installability
TIS/PEM is expected to operate on most BSD and SYS5 derived UNIXs.
With respect to installability we want to achieve the following
objectives:
a. TIS/PEM should install smoothly on as many different "flavors" of
UNIX as possible.
b. TIS/PEM should install smoothly on as many different hardware
platforms as possible.
c. The installation process should be as simple as possible, but not
simpler.
Beta test sites are encouraged to port TIS/PEM to as many different
software and hardware environments as possible. If possible,
enhancements to get TIS/PEM to install smoothly on other versions of
UNIX that are returned to TIS will be incorporated into a future
distribution of TIS/PEM.
2. Usability
TIS/PEM is provided with a command line oriented interface. In
particular, it is integrated with the Rand MH Message Handling user
agent. This interface was chosen because of the ease with which
TIS/PEM could be integrated and because it is in the public domain.
For each site, a certificate administrator must be designated who
will be responsible for the administration of TIS/PEM. In
particular, there is some site specific initialization to be
completed.
In addition, there is some initialization required to be executed by
every user before they can make use of the TIS/PEM enhancements to
MH. Depending on local conventions, users may be required to request
the initialization of their certificate administrator or they may be
able to execute the initialization individually.
With respect to usability we want to achieve the following
objectives:
a. For users familiar with MH, the integration of TIS/PEM and MH
should appear to be a natural extension of the MH model.
b. The initialization process should be as simple as possible.
�
Users will need to be familiar with MH or be prepared to learn about
it. The MH source tree includes a tutorial of the minimal set of
commands.
In the future it is expected that others will contribute additional
user interface software. Beta test sites are encouraged to enhance
local user interfaces to include TIS/PEM. If possible, these
enhancements will be included in future distributions of TIS/PEM.
3. Performance
The performance of TIS/PEM is dominated by the processing time for
certificates and cryptography. We have attempted to minimize the
impact of these factors but we encourage beta test sites to
investigate the operation of the system and identify bottlenecks for
which they have suggestions for improvement.
With respect to performance we want to achieve the following
objective:
o The design and model of TIS/PEM, and its integration with various
applications, should be such that it will perform as well as it
can.
Obviously, performance is a subjective criteria. Different
architectures will influence performance as much as the overall
design of the system. Beta test sites are encouraged to empirically
observe the performance of TIS/PEM under various operating conditions
and report those results.
4. Interoperability
With respect to interoperability we want to achieve the following
objectives:
a. TIS/PEM should interoperate with other implementations of PEM.
b. Future versions of TIS/PEM should be backward compatible with
previous versions.
5. Documentation
On-line manual pages are provided for all TIS/PEM programs and those
programs we have changed as a result of our integration with MH. In
addition, we will provide an installation manual, an administrator's
manual, and a user's manual.
With respect to documentation we want to achieve the following
objectives
o All documentation should completely and accurately describe
TIS/PEM.
o All documentation should be easy to understand and easy to use.
Beta test sites are encouraged to thoroughly review all documentation
and provide feedback to be incorporated in future versions.
-----END PRIVACY-ENHANCED MESSAGE-----
