Re: dissemination of public encryption certificates

pgut001@cs.auckland.ac.nz (Peter Gutmann) Sun, 24 August 2003 00:57 UTC

Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA03692 for <smime-archive@lists.ietf.org>; Sat, 23 Aug 2003 20:57:35 -0400 (EDT)
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h7O0NLqt065208 for <ietf-smime-bks@above.proper.com>; Sat, 23 Aug 2003 17:23:21 -0700 (PDT) (envelope-from owner-ietf-smime@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h7O0NLgF065207 for ietf-smime-bks; Sat, 23 Aug 2003 17:23:21 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f
Received: from smtp1.ec.auckland.ac.nz (smtp1.ec.auckland.ac.nz [130.216.191.149]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h7O0NJqt065202 for <ietf-smime@imc.org>; Sat, 23 Aug 2003 17:23:20 -0700 (PDT) (envelope-from pgut001@cs.auckland.ac.nz)
Received: from localhost (localhost.localdomain [127.0.0.1]) by smtp1.ec.auckland.ac.nz (Postfix) with ESMTP id 906B833E87; Sun, 24 Aug 2003 12:22:07 +1200 (NZST)
Received: from smtp1.ec.auckland.ac.nz ([127.0.0.1]) by localhost (smtp1.ec.auckland.ac.nz [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 12475-01; Sun, 24 Aug 2003 12:22:07 +1200 (NZST)
Received: from hermes.cs.auckland.ac.nz (hermes.cs.auckland.ac.nz [130.216.35.151]) (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)) (No client certificate requested) by smtp1.ec.auckland.ac.nz (Postfix) with ESMTP id 665B733E85; Sun, 24 Aug 2003 12:22:07 +1200 (NZST)
Received: from medusa01.cs.auckland.ac.nz (medusa01.cs.auckland.ac.nz [130.216.34.33]) by hermes.cs.auckland.ac.nz (8.12.9/8.12.9) with ESMTP id h7O0NKwp008993; Sun, 24 Aug 2003 12:23:20 +1200
Received: (from pgut001@localhost) by medusa01.cs.auckland.ac.nz (8.11.6/8.11.6) id h7O0NKp27773; Sun, 24 Aug 2003 12:23:20 +1200
Date: Sun, 24 Aug 2003 12:23:20 +1200
Message-Id: <200308240023.h7O0NKp27773@medusa01.cs.auckland.ac.nz>
From: pgut001@cs.auckland.ac.nz
To: ietf-smime@imc.org, jpierre@netscape.com
Subject: Re: dissemination of public encryption certificates
X-Virus-Scanned: by amavisd-new at auckland.ac.nz
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>

jpierre@netscape.com (Julien Pierre) writes:

>I was wondering what thoughts you may have on the following problem:
>
>If I have a keypair and e-mail certificate, and I want to send encrypted 
>e-mail to somebody knowing his e-mail address, what's a systematic way 
>to obtain the recipient's encryption certificate?
>[...]
>I'm envisioning some standardized scheme where, by starting with the 
>recipient's email address, it would be possible to locate a public 
>directory server, then find the recipient's certificate by looking it up 
>in that directory server.

Sure.  See http://www.ietf.org/internet-drafts/draft-ietf-pkix-certstore-http-05.txt,
which proposes various methods of automated cert discovery, not just for
email clients but also for things like embedded devices.  The automated
discovery work is related to other work I did for automated PKI service
discovery, available at http://www.usenix.org/publications/library/proceedings/sec03/tech/gutmann.html.
It'll also be available from my home page in a week or two when I get back
home (uhh, and ignore the tongue-in-cheek comments about AOL users in there
:-).

Peter.
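The lookup flow the reply points at, as an added example that is not code from this message, from the cited draft, or from Peter's own work: start from the address, find the domain's certificate store, query it by e-mail address, and only accept a certificate that itself binds that address. The SRV name `_certificates._tcp.<domain>`, the `/search.cgi` path and the `?email=` query component are assumptions taken from the conventions of RFC 4387 (what draft-ietf-pkix-certstore-http later became), not from anything stated above; the store, its DNS entry and the self-signed certificate it serves are constructed in-process so the code runs offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"io"
	"math/big"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
	"time"
)

// demoAddr is a constructed address served by the in-process store below.
const demoAddr = "alice@example.com"

// srvStore stands in for DNS, mapping a mail domain to its certificate store's
// base URL. A real client would resolve the SRV name _certificates._tcp.<domain>
// that the later RFC 4387 assigns to stores; StartDemoStore fills this offline.
var srvStore = map[string]string{}

// DiscoverCert goes from an address to a certificate: split off the domain,
// find the store, fetch by address, and reject anything whose subjectAltName
// does not bind the address asked for. The store is a lookup service, not a
// trust anchor: a real client also chains the result to a trusted CA first.
func DiscoverCert(addr string) (*x509.Certificate, error) {
	_, domain, ok := strings.Cut(addr, "@")
	if !ok || domain == "" {
		return nil, fmt.Errorf("%q is not an e-mail address", addr)
	}
	base, ok := srvStore[strings.ToLower(domain)]
	if !ok {
		return nil, errors.New("no certificate store SRV record for " + domain)
	}
	// /search.cgi and ?email= follow RFC 4387's conventions (an assumption here).
	resp, err := http.Get(base + "/search.cgi?email=" + url.QueryEscape(addr))
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("store returned %s for %s", resp.Status, addr)
	}
	body, err := io.ReadAll(io.LimitReader(resp.Body, 64<<10)) // cap untrusted input
	if err != nil {
		return nil, err
	}
	block, _ := pem.Decode(body)
	if block == nil || block.Type != "CERTIFICATE" {
		return nil, errors.New("store did not return a PEM certificate")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return nil, err
	}
	for _, e := range cert.EmailAddresses { // rfc822Name SAN entries
		if strings.EqualFold(e, addr) {
			return cert, nil
		}
	}
	return nil, fmt.Errorf("returned certificate does not bind %s", addr)
}

// StartDemoStore mints a constructed self-signed certificate for demoAddr,
// serves it from an in-process store answering ?email= queries, and registers
// that store for example.com in srvStore. The caller closes the server.
func StartDemoStore() (*httptest.Server, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:   big.NewInt(1),
		EmailAddresses: []string{demoAddr},
		NotBefore:      time.Now().Add(-time.Hour),
		NotAfter:       time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	pemCert := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.URL.Path != "/search.cgi" || !strings.EqualFold(r.URL.Query().Get("email"), demoAddr) {
			http.NotFound(w, r) // the store has nothing for that address
			return
		}
		w.Write(pemCert)
	}))
	srvStore["example.com"] = srv.URL
	return srv, nil
}
```

The check on `cert.EmailAddresses` is the part worth copying: a store answers the query it was given, so the client, not the store, has to confirm the certificate it got back actually names the recipient, and then validate the chain with `cert.Verify` against its own trust anchors before encrypting to the key. Here the certificate is self-signed, so the chain step is omitted.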