RE: PKI and S/MIME

Steve Hole <steve.hole@messagingdirect.com> Thu, 14 August 2003 16:56 UTC

From: Steve Hole <steve.hole@messagingdirect.com>
Date: Thu, 14 Aug 2003 10:42:02 -0700
To: Blake Ramsdell <blake@brutesquadlabs.com>
Subject: RE: PKI and S/MIME
Cc: ietf-smime@imc.org
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>

On Wed, 13 Aug 2003 15:05:49 -0700 Blake Ramsdell 
<blake@brutesquadlabs.com> wrote:

> A better question for the DNS distribution of certificates is whether or
> not this smells like it would be the most likely thing to get deployed.
> My understanding is that you would need DNS servers that supported the
> particular record types required for this functionality, as well as
> administrative tools to upgrade those records that are different than
> typical DNS administration tools.  To me, that doesn't smell as good.

Actually, I think that there are two barriers:

1. Deployment of DNS-SEC. People have to go out of their way to do it
right now. It takes some work both to deploy the right software and to
get the relationship set up with the domain registration service. Not
all services offer it.

2. Client support. Basically this means that Outlook, Outlook Express,
Netscape (and down the list) of clients have to support it. It means a
CSP for the Windows twins and a module in the new Netscape/Mozilla
security API.

Of the two, the second is the hardest. Policy, usage and deployment of
S/MIME and PKI is very much shaped by the implementation of the clients.
Any changes have to propagate through the clients to be useful.

Cheers.

---
Steve Hole
Chief Technical Officer - Electronic Billing and Payment Systems
ACI Worldwide

Email: holes@aciworldwide.com
Phone: 780 424 4922