dissemination of public encryption certificates

jpierre@netscape.com (Julien Pierre) Sat, 09 August 2003 02:38 UTC

Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA04566 for <smime-archive@lists.ietf.org>; Fri, 8 Aug 2003 22:38:57 -0400 (EDT)
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h7926Zqt069811 for <ietf-smime-bks@above.proper.com>; Fri, 8 Aug 2003 19:06:35 -0700 (PDT) (envelope-from owner-ietf-smime@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h7926ZhW069810 for ietf-smime-bks; Fri, 8 Aug 2003 19:06:35 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f
Received: from netscape.com (r2d2.aoltw.net [64.236.137.26]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h7926Yqt069803 for <ietf-smime@imc.org>; Fri, 8 Aug 2003 19:06:34 -0700 (PDT) (envelope-from jpierre@netscape.com)
Received: from judge.mcom.com (judge.nscp.aoltw.net [10.169.8.47]) by netscape.com (8.10.0/8.10.0) with ESMTP id h7926Ni05172 for <ietf-smime@imc.org>; Fri, 8 Aug 2003 19:06:23 -0700 (PDT)
Received: from kitty.nscp.aoltw.net ([10.169.25.23]) by judge.mcom.com (Netscape Messaging Server 4.15) with ESMTP id HJBXUC01.N1W; Fri, 8 Aug 2003 19:06:12 -0700
Date: Fri, 08 Aug 2003 19:07:24 -0700
From: jpierre@netscape.com
Subject: dissemination of public encryption certificates
To: ietf-smime@imc.org
Message-ID: <3F34575C.2090205@netscape.com>
X-Mailer: AOL Communicator (20030718.2230-ddrinan Win)
Organization: Netscape
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha1"; boundary="------------ms010704000904080802040505"
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>

Hi,

Since this is my first posting to this mailing list, let me introduce 
myself:

I'm a software engineer in AOL / Netscape and one of my responsibilities 
for several years has been to maintain the open source Netscape Security 
Services (NSS) library, which is used in the Mozilla browsers, many 
Netscape and Sun servers, and other internal products. The NSS library 
contains an implementation of S/MIME v3.

I was wondering what thoughts you may have on the following problem:

If I have a keypair and an e-mail certificate, and I want to send encrypted 
e-mail to somebody knowing his e-mail address, what's a systematic way 
to obtain the recipient's encryption certificate?

Traditionally today, signed e-mail messages typically contain the 
signer's public encryption certificate. However, that means one party 
needs to first send a signed, unencrypted e-mail message to transmit the 
public encryption certificate before both parties can exchange encrypted 
messages.

There are also ways to find recipient certificates today using corporate 
directory servers, but users must know about them and manually configure 
them in their applications, and they are typically not widely available 
on the Internet.

I'm envisioning some standardized scheme where, by starting with the 
recipient's email address, it would be possible to locate a public 
directory server, then find the recipient's certificate by looking it up 
in that directory server.

My main question is: has any similar scheme been proposed? I would 
rather work with something that exists, but if there is nothing that 
fits, I'm open to writing an RFC.

Also, what are the other ways that people locate recipient S/MIME e-mail 
encryption certificates ?

Thanks.
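The lookup sketched above (e-mail address, then a public directory server for that domain, then the recipient's certificate from that directory), as an added example that is not part of the original message and is not NSS code. It assumes two conventions that are not stated in the message: that the domain advertises its LDAP server in a DNS SRV record named `_ldap._tcp.<domain>`, and that the directory keeps certificates in the `userCertificate;binary` attribute of an entry whose `mail` attribute is the address. The DNS and LDAP round trips are left to a real client; the code builds the query, escapes the address so it cannot rewrite the search filter, and parses the LDIF such a client returns. The sample LDIF and the DER blob in it are constructed for the example (the blob is a bare SEQUENCE, not a certificate).

```python
"""Locating a recipient's S/MIME certificate from an e-mail address.

Added example, not code from the original message or from NSS.  Assumed
conventions: an SRV record _ldap._tcp.<domain> names the directory
server, and the entry whose `mail` attribute equals the address carries
the certificate in `userCertificate;binary`.
"""
import base64

CERT_ATTRIBUTES = ("usercertificate;binary", "usercertificate")


def mail_domain(address: str) -> str:
    """Return the lower-cased domain part of an RFC 822 address."""
    local, at, domain = address.rpartition("@")
    if not at or not local or not domain:
        raise ValueError("not an e-mail address: %r" % address)
    return domain.rstrip(".").lower()


def ldap_srv_name(address: str) -> str:
    """DNS name to query (type SRV) to find the domain's LDAP server."""
    return "_ldap._tcp." + mail_domain(address)


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping, so a hostile address cannot widen the search.

    Without it, an address like 'x*@example.com' turns the (mail=...)
    filter into a wildcard, and an entry other than the intended
    recipient's (with someone else's encryption key) could come back.
    """
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def certificate_filter(address: str) -> str:
    """Search filter selecting the entry whose mail attribute is the address."""
    return "(mail=%s)" % escape_filter_value(address)


def ldapsearch_args(address: str, host: str, base_dn: str) -> list:
    """argv for OpenLDAP's ldapsearch.  host comes from the SRV answer and
    base_dn from the directory's naming context; both are inputs here."""
    return ["ldapsearch", "-LLL", "-x", "-H", "ldap://%s" % host,
            "-b", base_dn, certificate_filter(address),
            "userCertificate;binary"]


def unfold_ldif(ldif: str) -> list:
    """Join LDIF continuation lines (leading space) onto the previous line."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_ldif_certificates(ldif: str) -> list:
    """Return the DER blobs found in userCertificate attributes of an LDIF
    result.  Only base64 ('::') values are accepted: the attribute is
    binary, so a plain ':' value would be a malformed response."""
    certs = []
    for line in unfold_ldif(ldif):
        name, sep, value = line.partition("::")
        if sep and name.strip().lower() in CERT_ATTRIBUTES:
            certs.append(base64.b64decode(value.strip(), validate=True))
    return certs


def is_der_sequence(blob: bytes) -> bool:
    """Cheap sanity check before handing bytes to a certificate parser:
    outer tag must be SEQUENCE and the encoded length must match."""
    if len(blob) < 2 or blob[0] != 0x30:
        return False
    first = blob[1]
    if first < 0x80:
        header, length = 2, first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or len(blob) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(blob[2:2 + n], "big")
    return header + length == len(blob)


# Constructed sample data: a tiny DER SEQUENCE standing in for a
# certificate (it is NOT a certificate), folded the way LDIF folds long
# base64 values across lines.
SAMPLE_DER = bytes.fromhex("30050201010500")
_b64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_LDIF = (
    "dn: uid=alice,ou=people,dc=example,dc=com\n"
    "mail: alice@example.com\n"
    "userCertificate;binary:: " + _b64[:6] + "\n " + _b64[6:] + "\n"
    "\n"
)


if __name__ == "__main__":
    addr = "alice@example.com"
    print("SRV query:", ldap_srv_name(addr))
    print("LDAP filter:", certificate_filter("x*)(mail=*@example.com"))
    print("ldapsearch:", " ".join(ldapsearch_args(addr, "ldap.example.com",
                                                  "dc=example,dc=com")))
    for der in parse_ldif_certificates(SAMPLE_LDIF):
        print("got %d bytes, DER SEQUENCE: %s" % (len(der), is_der_sequence(der)))
```

Whatever discovers the certificate, the directory is only a lookup mechanism, not a trust anchor: before encrypting to the returned certificate, a client still has to build a chain to a trusted CA, confirm that the certificate's subjectAltName rfc822Name (or e-mail in the subject) is the address that was looked up, and confirm that its key usage permits key encipherment, exactly as it would for a certificate carried in a signed message.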