RE: I-D ACTION:draft-santesson-smime-scext-00.txt

"Stefan Santesson" <stefans@microsoft.com> Thu, 12 August 2004 11:24 UTC

Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA23689 for <smime-archive@lists.ietf.org>; Thu, 12 Aug 2004 07:24:06 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id i7CB7ScL036333; Thu, 12 Aug 2004 04:07:28 -0700 (PDT) (envelope-from owner-ietf-smime@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i7CB7S14036332; Thu, 12 Aug 2004 04:07:28 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f
Received: from mail-eur.microsoft.com (mail-eur.microsoft.com [213.199.128.145]) by above.proper.com (8.12.11/8.12.9) with ESMTP id i7CB7QbU036308 for <ietf-smime@imc.org>; Thu, 12 Aug 2004 04:07:27 -0700 (PDT) (envelope-from stefans@microsoft.com)
Received: from EUR-MSG-03.europe.corp.microsoft.com ([65.53.192.44]) by mail-eur.microsoft.com with Microsoft SMTPSVC(6.0.3790.0); Thu, 12 Aug 2004 12:07:05 +0100
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Subject: RE: I-D ACTION:draft-santesson-smime-scext-00.txt
Date: Thu, 12 Aug 2004 12:07:27 +0100
Message-ID: <0C3042E92D8A714783E2C44AB9936E1D1A6354@EUR-MSG-03.europe.corp.microsoft.com>
Thread-Topic: I-D ACTION:draft-santesson-smime-scext-00.txt
thread-index: AcSAS7sA8Nni4AbHSIS1urzznBdzrgAD3KL5
From: Stefan Santesson <stefans@microsoft.com>
To: Anders Rundgren <anders.rundgren@telia.com>, ietf-smime@imc.org
X-OriginalArrivalTime: 12 Aug 2004 11:07:05.0844 (UTC) FILETIME=[80BD1B40:01C4805C]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id i7CB7RbU036326
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Content-Transfer-Encoding: 8bit

Anders, 
 
It's a helpful tool, not a requirement for S/MIME.
 
No one is required to use this.
If your CA doesn't have this info or it is not working with your client structure, then don't use it.
 
It is however useful in a very large part of the enterprise use cases where this is currently deployed without any problems. It helps avoid a lot of unnecessary occurrences of bad 40 bit encryption in initial exchanges.
 
 
Stefan Santesson
Consulting Operations Specialist
Microsoft Security Center of Excellence (SCOE)
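The point above is that a sender with no prior message from the recipient has nothing to base its cipher choice on, so older agents fell back to a weak default. The following is an added example (not code from the thread, the draft, or any project discussed in it) showing the sender-side logic: it walks a DER-encoded SMIMECapabilities value of the kind such a certificate extension would carry, lists the recipient's announced content-encryption algorithms, and picks the strongest one the sender also prefers. The sample bytes are constructed in the block, the OID-to-name table covers only a few well-known algorithms, and the preference list and the unknown-recipient fallback are this example's assumptions.

```python
# Added example: parse an SMIMECapabilities SEQUENCE and choose a content-encryption
# algorithm from it. Assumes the caller has already pulled the SEQUENCE out of the
# certificate extension (or the signed attribute); OIDs below are the standard ones.

OIDS = {
    "2.16.840.1.101.3.4.1.42": "aes256-cbc",
    "2.16.840.1.101.3.4.1.2": "aes128-cbc",
    "1.2.840.113549.3.7": "des-ede3-cbc",
    "1.2.840.113549.3.2": "rc2-cbc",  # key length travels as an INTEGER parameter
}

# Sender's own order of preference (assumption for this example).
SENDER_PREFERENCE = ["aes256-cbc", "aes128-cbc", "des-ede3-cbc"]
# Used when nothing is known about the recipient. S/MIME v2 agents used RC2/40 here,
# which is the "bad 40 bit encryption" the message refers to; v3 agents use tripleDES.
UNKNOWN_RECIPIENT_FALLBACK = "des-ede3-cbc"


def der_tlv(tag, body):
    """Encode one DER TLV (definite length)."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + body


def der_oid(dotted):
    """Encode a dotted OID as a DER OBJECT IDENTIFIER (base-128 arcs)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return der_tlv(0x06, bytes(out))


def der_int(value):
    """Encode a small non-negative INTEGER (leading zero added when the top bit is set)."""
    return der_tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))


def der_read(buf, pos):
    """Return (tag, value, next_pos) for the TLV starting at pos; rejects indefinite lengths."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        if nbytes == 0 or nbytes > 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:end], end


def decode_oid(body):
    arcs = [body[0] // 40, body[0] % 40]
    val = 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))


def parse_smime_capabilities(der):
    """Return the recipient's announced algorithms, in the order the recipient listed them."""
    tag, seq, end = der_read(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("SMIMECapabilities must be a single SEQUENCE")
    caps, pos = [], 0
    while pos < len(seq):
        tag, cap, pos = der_read(seq, pos)
        if tag != 0x30:
            raise ValueError("each SMIMECapability must be a SEQUENCE")
        tag, oid_body, p = der_read(cap, 0)
        if tag != 0x06:
            raise ValueError("capabilityID must be an OID")
        name = OIDS.get(decode_oid(oid_body))
        if name is None:
            continue  # unknown capability: ignore rather than fail
        if p < len(cap):
            tag, param, p = der_read(cap, p)
            if name == "rc2-cbc" and tag == 0x02:
                name = f"rc2-cbc-{int.from_bytes(param, 'big')}"
        caps.append(name)
    return caps


def choose_algorithm(recipient_caps):
    """Strongest algorithm both sides accept; the conservative fallback otherwise."""
    if recipient_caps is None:
        return UNKNOWN_RECIPIENT_FALLBACK
    for alg in SENDER_PREFERENCE:
        if alg in recipient_caps:
            return alg
    return UNKNOWN_RECIPIENT_FALLBACK


def build_sample_capabilities():
    """Constructed sample: a recipient announcing AES-128, 3DES, RC2/128 and RC2/40."""
    caps = [
        der_tlv(0x30, der_oid("2.16.840.1.101.3.4.1.2")),
        der_tlv(0x30, der_oid("1.2.840.113549.3.7")),
        der_tlv(0x30, der_oid("1.2.840.113549.3.2") + der_int(128)),
        der_tlv(0x30, der_oid("1.2.840.113549.3.2") + der_int(40)),
    ]
    return der_tlv(0x30, b"".join(caps))


if __name__ == "__main__":
    announced = parse_smime_capabilities(build_sample_capabilities())
    print("recipient announces:", announced)
    print("sender picks:", choose_algorithm(announced))
    print("nothing known, sender picks:", choose_algorithm(None))
```

Two design points: unknown OIDs are skipped rather than treated as errors, since a recipient may legitimately list algorithms the sender has never heard of, and a recipient that announces only RC2/40 still gets the sender's fallback rather than a 40-bit key, because the capabilities list is advisory input to the sender's choice, not an instruction to weaken it.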

________________________________

From: owner-ietf-smime@mail.imc.org on behalf of Anders Rundgren
Sent: Thu 8/12/2004 10:34 AM
To: ietf-smime@imc.org
Subject: Re: I-D ACTION:draft-santesson-smime-scext-00.txt
I have no comments on the "design" in this draft.

However, I seriously question the idea to put client software
capabilities in certificates.

Why?
- because issuers may not have this information
- because users may have multiple clients
- because static solutions are limiting

If we begin to use dynamic methods like XKMS + DNS to find
public keys of recipients, SCEXT represents a step in another direction.

Due to the limited utility of true end-to-end encryption in corporate
environments (the DOMSEC RFC shows a few good reasons to that),
as well as the de-facto use of the web as a distribution medium for
e-government purposes (which is a much easier solution than S/MIME),
I believe that Microsoft should focus on making a gateway e-mail
standard a reality rather than patching a system that never will play
a major role and actually mostly creates problems for end-users and
system administrators.

Anders