Re: PKI and S/MIME

Steve Hole <steve.hole@messagingdirect.com> Thu, 14 August 2003 16:59 UTC

From: Steve Hole <steve.hole@messagingdirect.com>
Date: Thu, 14 Aug 2003 10:45:45 -0700
To: Simon Josefsson <jas@extundo.com>
Subject: Re: PKI and S/MIME
Cc: Blake Ramsdell <blake@brutesquadlabs.com>, 'Anders Rundgren' <anders.rundgren@telia.com>, ietf-smime@imc.org, "'Sean P. Turner'" <turners@ieca.com>
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>

On Thu, 14 Aug 2003 01:45:51 +0200 Simon Josefsson <jas@extundo.com> wrote:

> I believe that what is lacking is not a technical solution (DNS CERT
> RR, LDAP and SRV, etc) but a guideline document, supported by the
> S/MIME community, that you can point at when e-mail application makers
> ask questions such as the one that started this thread.
> 
> One reason why the DNS CERT solution has been proposed may be that
> the LDAP via SRV idea hasn't been fully documented in an Internet-wide
> S/MIME environment, leaving the problem unsolved.

I agree. The problem with PKI has always been that it is difficult to
experiment. I think that we have enough real world experience now that
we should try some alternative things. I think that we do need to
experiment with this. It's time to come up with some working solutions
and then document them, not the other way around.

 
> One argument for certificates in DNS could be that many ISPs are
> familiar with running public DNS, but not as many ISPs run public
> LDAP.  So instead of upgrading their tools, they would have to learn
> new tools with LDAP.  [All under the assumption that ISPs will be
> required to administer the certificate directory, which I'm not sure
> is the best solution.]

Yes.

Cheers.

---
Steve Hole
Chief Technical Officer - Electronic Billing and Payment Systems
ACI Worldwide

Email: holes@aciworldwide.com
Phone: 780 424 4922