> Also I wouldn't want my MUA to automagically send any e-mail.
> Surely this would be abused in some way.

Countermeasures (e.g., response rate throttling) also abound. As long as the
MUA receiving the GETSMIME command doesn't copy anything from that command into
the signed response I wouldn't be overly concerned re: actual cryptographic
attacks (such as signature collisions).

> The really sad fact is that e.g. Mozilla's S/MIME support was much better in
> Netscape Communicator in 1998. Back then you could simply retrieve the
> e-mail cert via LDAP. Anyone remember signed attribute 'userSMIMECertificate'
> which the user could create and send himself?

It's widely implemented.
https://msdn.microsoft.com/en-us/library/ms680866(v=vs.85).aspx
And--in an *enterprise* environment--discovery via this method works quite
well. Invisibly, even (excluding error conditions).
Unfortunately, the One Directory to Rule Them All was a pipe dream, so we ended
up with lots of smaller, *mutually unreachable* directories. It's this
partitioning that's the problem y'all want to tackle.
-- T
_______________________________________________
smime mailing list
smime(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/smime