RE: dissemination of public encryption certificates
"Blake Ramsdell" <blake@brutesquadlabs.com> Sat, 09 August 2003 03:03 UTC
From: Blake Ramsdell <blake@brutesquadlabs.com>
To: 'Julien Pierre' <jpierre@netscape.com>, ietf-smime@imc.org
Subject: RE: dissemination of public encryption certificates
Date: Fri, 08 Aug 2003 19:41:12 -0700
In-Reply-To: <3F34575C.2090205@netscape.com>
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>

> -----Original Message-----
> From: owner-ietf-smime@mail.imc.org
> [mailto:owner-ietf-smime@mail.imc.org] On Behalf Of Julien Pierre
> Sent: Friday, August 08, 2003 7:07 PM
> To: ietf-smime@imc.org
> Subject: dissemination of public encryption certificates
>
> If I have a keypair and e-mail certificate, and I want to send encrypted
> e-mail to somebody knowing his e-mail address, what's a systematic way
> to obtain the recipient's encryption certificate ?

Systematic is an interesting choice of words ;). I have seen LDAP work (if properly configured). For the most part, the most reliable way I've seen is for an intended recipient to send a signed message containing their encrypting certificate (which you are about to point out ;)).

> Traditionally today, signed e-mail messages typically contain the
> signer's public encryption certificate. However that means one party
> needs to first send a signed unencrypted, e-mail message to transmit the
> public encryption certificate before both parties can exchange encrypted
> messages.

Yup.

> There are also ways to find recipient certificates today using corporate
> directory servers, but users must know about them and manually configure
> them in their applications, and they are typically not widely available
> on the Internet.

Yup.

> I'm envisioning some standardized scheme where, by starting with the
> recipient's email address, it would be possible to locate a public
> directory server, then find the recipient's certificate by looking it up
> in that directory server.

I believe that at least one proposal exists for this in the PKIX working group -- look at the operational protocols for certificate store access.

> My main question is : has any similar scheme been proposed ? I would
> rather work with something that exists, but if there is nothing that
> fits, I'm open to writing an RFC.

Check out PKIX. They're not taking new drafts, but there may be something useful for you there. Any work along these lines would most likely be handled by that working group.

Blake