Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

PMDF UA and S/MIME

2 views
Skip to first unread message

Jeremy Begg

unread,
Oct 22, 2008, 2:25:20 AM10/22/08
to
Hi,

%PMDF-I-VERSION, PMDF version is PMDF V6.4
AlphaServer 800 5/500 running OpenVMS Alpha V8.3
PMDF_SHARE_LIBRARY version V6.4; linked 17:23:52, Jul 25 2008

I've started receive some S/MIME mail and I was rather surprised to find
that the PMDF MAIL command didn't pay any attention to the MIME structure of
the message. Here is an edited extract from one of these messages (I have
removed most of the outer message headers):

Message-id: <48FDC117...@remote.domain.de>
MIME-version: 1.0
Content-type: multipart/signed; protocol="application/x-pkcs7-signature";
micalg=sha1; boundary=------------ms050509050501030008010508
User-Agent: Thunderbird 2.0.0.14 (Windows/20080421)
Original-recipient: rfc822;jer...@vsm.com.au

This is a cryptographically signed message in MIME format.

--------------ms050509050501030008010508
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Jeremy,

thank you for this info. Just let us perform the tests tomorrow.

Regards
Stefan

--------------ms050509050501030008010508
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIII+zCC
AtgwggJBoAMCAQICEAcMVKeuHCU3/3P7WrQlHj4wDQYJKoZIhvcNAQEFBQAwYjELMAkGA1UE
.
.
.
G9HRTvEaxKmllT4stFLqAXFmr8QrRrPxvPNaDS6fmFMOzQWvKMwQyzIjQqt3O0FF0coDjkea
TtpKMCuFF6pJ0FzbshiHmJK1OK8yZ/qJckU/5CYL3JtddlrdBgAAAAAAAA==
--------------ms050509050501030008010508--


When I read this message in PMDF MAIL I do not see the "table of contents"
that PMDF MAIL normally presents when displaying a multipart MIME message.
Instead, PMDF MAIL just dumps out the message contents -- much as VMS MAIL
would.

Is there any particular reason for this? Something I have to enable in
PMDF? It seems to be displayed correctly when I view it using an IMAP
client such as Thunderbird on my Mac.

Thanks,

Jeremy Begg

+---------------------------------------------------------+
| VSM Software Services Pty. Ltd. |
| http://www.vsm.com.au/ |
| "OpenVMS Systems Management & Programming" |
|---------------------------------------------------------|
| P.O.Box 402, Walkerville, | E-Mail: jer...@vsm.com.au |
| South Australia 5081 | Phone: +61 8 8221 5188 |
|---------------------------| Mobile: 0414 422 947 |
| A.C.N. 068 409 156 | FAX: +61 8 8221 7199 |
+---------------------------------------------------------+

Francesco Gennai

unread,
Oct 22, 2008, 3:46:28 AM10/22/08
to
Hi Jeremy,

I think that it depends on the PMDF option (in pmdf_table:option.dat):

MP_SIGNED_MODE

that should be = 1 (to have PMDF recognize the S/MIME structure)

Please note that in such case channels like "conversion" could
corrupt the digital signed message.

Francesco

Jeremy Begg

unread,
Oct 22, 2008, 3:57:02 AM10/22/08
to
Hi Francesco,

>I think that it depends on the PMDF option (in pmdf_table:option.dat):
>
>MP_SIGNED_MODE
>
>that should be = 1 (to have PMDF recognize the S/MIME structure)

That's exactly what I was looking for -- thanks!

>Please note that in such case channels like "conversion" could
>corrupt the digital signed message.

The PMDF System Manager's Manual says this option is for OpenVMS User Agents
so I don't think the CONVERSION channel would be affected by it. I suppose
if I extracted the message and signature to a file then tried to run an
S/MIME signature verifier I might not have much luck, but that's not
something I'm likely to do. (IMAP clients are good enough for such
purposes.)

Regards,

Jeremy Begg

Francesco Gennai

unread,
Oct 22, 2008, 4:05:50 AM10/22/08
to
Hi Jeremy,

> Hi Francesco,

> >I think that it depends on the PMDF option (in pmdf_table:option.dat):
> >
> >MP_SIGNED_MODE
> >
> >that should be = 1 (to have PMDF recognize the S/MIME structure)

> That's exactly what I was looking for -- thanks!

> >Please note that in such case channels like "conversion" could


> >corrupt the digital signed message.

> The PMDF System Manager's Manual says this option is for OpenVMS User Agents


> so I don't think the CONVERSION channel would be affected by it. I suppose
> if I extracted the message and signature to a file then tried to run an
> S/MIME signature verifier I might not have much luck, but that's not
> something I'm likely to do. (IMAP clients are good enough for such
> purposes.)

I'm sure that it involves conversion channel and that introduces the
risk of corruption.
Here is an extract from release notes of PMDF 6.2

5. A new option has been added to option.dat to enable parsing of
multipart/signed messages, for example by PMDF MAIL and for the
conversion channel. To enable parsing of multipart/signed messages,
put MP_SIGNED_MODE=1 into your option.dat file. The default is 0,
multipart/signed messages are not parsed.

Regards,
Francesco


> Regards,

> Jeremy Begg

0 new messages