On Fri, Jan 23, 2015 at 7:21 AM, Tony Rutkowski <tony(_at_)yaanatech(_dot_)com>
wrote:

> Great idea. Better yet, produce an RFC
> for S/MIME cert exchanges based on the
> idea.
>
> On 2015-01-23 4:59 AM, Michael Ströder wrote:
>
>> Hi!
>>
>> Still getting S/MIME certs of other mail users is an unsolved problem.
>>
>> Would it make sense if the IETF would simply host a non-WG mailing list for
>> simply publishing S/MIME certs via e-mail?
>>
>> So if mailing list members get a new S/MIME cert they send a signed e-mail
>> with almost empty content to the mailing list and all subscribers get the
>> certs and S/MIME capabilities.
>>
>> Ciao, Michael.

I am working on code for something very similar.

Right now we have two IETF projects, TRANS and ACME, that might have a lot
of bearing on filling in the gaps in S/MIME.

ACME is not yet a WG; the initial proposal is limited to TLS certs, but if
the protocol is properly designed it could fix the problem as follows:

* Some JSON-based web service allows an email client to register certs and
  encrypted private keys with a service. This might be a locally run service
  or a TTP service (aka CA).
* The service registers the certs in a TRANS log just for certs.
* We use a globally unique key identifier formed from the hash of the
  KeyInfo block as a locator / PGP type fingerprint.
* Location services search any public TRANS log.

I almost have code complete. See prismproof.org for details, specs, code,
etc.

_______________________________________________
smime mailing list
smime(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/smime
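
Added example, not part of the original messages and not code from prismproof.org: a sketch of why a hash-derived key identifier works as a locator across untrusted logs, since the client can re-hash whatever a log returns and reject entries that do not match. SHA-256, the Base32 grouping, the `CertLog` class and all sample bytes are assumptions; the message does not specify a hash, an encoding or a log API.

```python
import base64
import hashlib


def key_fingerprint(key_info: bytes) -> str:
    """Locator for a key: hash of its key-info bytes (SHA-256 + Base32 assumed)."""
    digest = hashlib.sha256(key_info).digest()
    b32 = base64.b32encode(digest).decode("ascii").rstrip("=")
    return "-".join(b32[i:i + 4] for i in range(0, len(b32), 4))


class CertLog:
    """Hypothetical stand-in for a public log; clients do not trust its index."""

    def __init__(self):
        self.index = {}

    def register(self, key_info: bytes, cert: bytes) -> str:
        fp = key_fingerprint(key_info)
        self.index.setdefault(fp, []).append((key_info, cert))
        return fp

    def search(self, fingerprint: str):
        return list(self.index.get(fingerprint, []))


def locate(fingerprint: str, logs):
    """Search every log; accept only an entry that re-hashes to the locator."""
    for log in logs:
        for key_info, cert in log.search(fingerprint):
            if key_fingerprint(key_info) == fingerprint:
                return key_info, cert
    return None


# Constructed sample data: placeholder bytes, not real key or cert encodings.
ALICE_KEY, ALICE_CERT = b"constructed-key-info-alice", b"constructed-cert-alice"
MALLORY_KEY = b"constructed-key-info-mallory"

honest = CertLog()
ALICE_FP = honest.register(ALICE_KEY, ALICE_CERT)

# A faulty or dishonest log that files a different key under Alice's locator.
bad = CertLog()
bad.index[ALICE_FP] = [(MALLORY_KEY, b"constructed-cert-mallory")]

if __name__ == "__main__":
    print(ALICE_FP)
    print(locate(ALICE_FP, [bad, honest]))  # mismatching entry is skipped
    print(locate(ALICE_FP, [bad]))          # None: nothing verifiable found
```

The check only binds the returned key-info bytes to the fingerprint; a real client would still have to confirm that the certificate carries that same key and validate the certificate itself.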