RE: PKI and S/MIME

Steve Hole <steve.hole@messagingdirect.com> Thu, 14 August 2003 17:26 UTC

From: Steve Hole <steve.hole@messagingdirect.com>
Date: Thu, 14 Aug 2003 11:09:47 -0700
To: "Hallam-Baker, Phillip" <pbaker@verisign.com>
Subject: RE: PKI and S/MIME
Cc: 'Anders Rundgren' <anders.rundgren@telia.com>, Blake Ramsdell <blake@brutesquadlabs.com>, Simon Josefsson <jas@extundo.com>, ietf-smime@imc.org, "'Sean P. Turner'" <turners@ieca.com>
In-Reply-To: <2A1D4C86842EE14CA9BC80474919782E01113011@mou1wnexm02.verisign.com>
References: <2A1D4C86842EE14CA9BC80474919782E01113011@mou1wnexm02.verisign.com>
Message-ID: <EXECMAIL.20030814110947.I@kepler.messagingdirect.com>

On Thu, 14 Aug 2003 05:30:34 -0700 "Hallam-Baker, Phillip" 
<pbaker@verisign.com> wrote:

> We considered certs in the DNS and LDAP before designing XKMS and rejected
> them. Both technologies have been available for at least 6 years with
> negligible uptake. 

This is true for LDAP, but is it true for DNS? What specific "deploy
certs in DNS" technology are you talking about?

> We needed a new protocol because there was no acceptable
> existing solution. Sometimes designing a new protocol from scratch is better
> than attempting to use an inappropriate one.

Fair enough. Then you better figure out how, exactly, you are going to
deploy your new protocol for use with S/MIME. Specifically, you must do
what Blake suggests and write a profile for use. In particular, if I'm
sitting in my Netscape client and I want to send an encrypted message to
"Blake Ramsdell <blake@brutesquadlabs.com>" without any prior contact, how
am I going to do that?

That profile must describe:

1.  The collection of services and publication points for accessing the 
information.

2.  The approach that a client must take to do the lookup and resolve the 
requested certificate.

I'm sure that you can do it. I'm also sure that you are going to have to
do *something* with DNS because how are you ever going to find your xkms
server? If there is an external xkms global hierarchy planned, then
pardon me if I'm dubious, but who is going to run the root? (Hint: I'm
unlikely to like *any* answer to that last question :-).

Cheers.

---
Steve Hole
Chief Technical Officer - Electronic Billing and Payment Systems
ACI Worldwide

Email: holes@aciworldwide.com
Phone: 780 424 4922