On Jan 23, 2015, at 11:15 AM, Phillip Hallam-Baker
<phill(_at_)hallambaker(_dot_)com> wrote:
What you describe is a CA in that it issues certs.
...and also has a directory of the issued certs.
Much better to have a low fidelity CA than no CA at all.
Definitely. Maybe DANE will be a solution, but there is very little energy
there.
Comodo is currently providing free S/MIME certs to individuals which is
inside the PKIX model.
So is StartSSL. However, the problem that Michael would then have is how many
places he should look for a cert for ex(_at_)ample(_dot_)com. And what to do if
he sees two overlapping but disagreeing certs when he looks in multiple places.
Nothing new here.
--Paul Hoffman
_______________________________________________
smime mailing list
smime(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/smime