RE: dissemination of public encryption certificates
Alberti Antoine <aalberti@axway.com> Mon, 11 August 2003 09:07 UTC
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA10757 for <smime-archive@lists.ietf.org>; Mon, 11 Aug 2003 05:07:34 -0400 (EDT)
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h7B8Zpqt009884 for <ietf-smime-bks@above.proper.com>; Mon, 11 Aug 2003 01:35:51 -0700 (PDT) (envelope-from owner-ietf-smime@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h7B8ZpaK009883 for ietf-smime-bks; Mon, 11 Aug 2003 01:35:51 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f
Received: from sopragroup.com (smtp1.zpar1.sopragroup.com [213.223.36.98]) by above.proper.com (8.12.9/8.12.8) with SMTP id h7B8Zmqt009860 for <ietf-smime@imc.org>; Mon, 11 Aug 2003 01:35:50 -0700 (PDT) (envelope-from aalberti@axway.com)
Received: (qmail 26940 invoked from network); 11 Aug 2003 08:35:41 -0000
Received: from Antivirus (HELO Antivirus) (Antivirus@Antivirus) by smtp1.sopragroup.com with SMTP; 11 Aug 2003 08:35:41 -0000
Received: by nt1022.pa.sopra with Internet Mail Service (5.5.2653.19) id <QT75MNGS>; Mon, 11 Aug 2003 10:35:40 +0200
Message-ID: <2B77C2DE2313254A9065D1C3B68A0CFE1A7950@nt1022.pa.sopra>
From: Alberti Antoine <aalberti@axway.com>
To: 'Julien Pierre' <jpierre@netscape.com>, "'ietf-smime@imc.org'" <ietf-smime@imc.org>
Subject: RE: dissemination of public encryption certificates
Date: Mon, 11 Aug 2003 10:35:39 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
I believe some work is being done about this issue and DNS in the PKIX working group. Regards. -----Message d'origine----- De : owner-ietf-smime@mail.imc.org [mailto:owner-ietf-smime@mail.imc.org]De la part de Julien Pierre Envoye : samedi 9 aout 2003 04:07 A : ietf-smime@imc.org Objet : dissemination of public encryption certificates Hi, Since this is my first posting to this mailing list, let me introduce myself : I'm a software engineer in AOL / Netscape and one of my responsibilities for several years has been to maintain the open source Netscape Security Services (NSS) library, which is used in the Mozilla browsers, many Netscape and Sun servers, and other internal products. The NSS library contains an implementation of S/MIME v3. I was wondering what thoughts you may have on the following problem : If I have a keypair and e-mail certificate, and I want to send encrypted e-mail to somebody knowing his e-mail address, what's a systematic way to obtain the recipient's encryption certificate ? Traditionally today, signed e-mail messages typically contain the signer's public encryption certificate. However that means one party needs to first send a signed unencrypted, e-mail message to transmit the public encryption certificate before both parties can exchange encrypted messages. There are also ways to find recipient certificates today using corporate directory servers, but users must know about them and manually configure them in their applications, and they are typically not widely available on the Internet. I'm envisioning some standardized scheme where, by starting with the recipient's email address, it would be possible to locate a public directory server, then find the recipient's certificate by looking it up in that directory server. My main question is : has any similar scheme been proposed ? I would rather work with something that exists, but if there is nothing that fits, I'm open to writing an RFC. Also, what are the other ways that people locate recipient S/MIME e-mail encryption certificates ? Thanks.
- dissemination of public encryption certificates Julien Pierre
- RE: dissemination of public encryption certificat… Blake Ramsdell
- RE: dissemination of public encryption certificat… Alberti Antoine
- Re: dissemination of public encryption certificat… Alberto Cozer
- RE: dissemination of public encryption certificat… Hallam-Baker, Phillip
- Re: dissemination of public encryption certificat… Simon Josefsson
- Re: dissemination of public encryption certificat… Anders Rundgren
- RE: dissemination of public encryption certificat… Julien Pierre
- RE: dissemination of public encryption certificat… Julien Pierre
- Re: dissemination of public encryption certificat… Julien Pierre
- Re: dissemination of public encryption certificat… Julien Pierre
- Re: dissemination of public encryption certificat… Steve Hole
- RE: dissemination of public encryption certificat… Hallam-Baker, Phillip
- Re: dissemination of public encryption certificat… Michael Helm
- RE: dissemination of public encryption certificat… Hallam-Baker, Phillip
- RE: dissemination of public encryption certificat… Blake Ramsdell
- RE: dissemination of public encryption certificat… Julien Pierre
- RE: dissemination of public encryption certificat… Julien Pierre
- Re: dissemination of public encryption certificat… Julien Pierre
- RE: dissemination of public encryption certificat… Paul Hoffman / IMC
- Re: dissemination of public encryption certificat… Anders Rundgren
- Re (subtopic): LDAP certificate distribution Steve Hole
- Re (subtopic): certificate issuance and trust Steve Hole
- Re: dissemination of public encryption certificat… Julien Pierre
- Re: Re (subtopic): certificate issuance and trust Julien Pierre
- Re: Re (subtopic): LDAP certificate distribution Vadim Fedukovich
- Re: Re (subtopic): certificate issuance and trust Steve Hole
- Re: Re (subtopic): certificate issuance and trust Julien Pierre
- Re (subtopic): Four corner model Anders Rundgren
- Re: dissemination of public encryption certificat… Peter Gutmann