I'll just note in passing that the MTA could search its certificate
revocation database for messages it forwards and attach appropriate
revocations along with the message (perhaps as a header). The offline
MUA would then receive any associated certificate revocations at the
same time it receives the message, and would be able to deal with them
appropriately. This sort of just-in-time certificate revocation
delivery seems to balance online and offline requirements appropriately.
- dan

-----Original Message-----
From: Brad Templeton [mailto:brad(_at_)templetons(_dot_)com]
Sent: Friday, 1999-03-26 12:58
To: Rick Troth
Cc: Keith Moore; Chris Newman; ietf-822(_at_)imc(_dot_)org
Subject: Re: Signed headers in email (was Re: Draft for signed headers)
On Fri, Mar 26, 1999 at 02:53:03PM -0600, Rick Troth wrote:
MTAs, which operate on larger servers and which are also normally
online, can handle certificate revocation.
MTAs have no business making decisions on users' behalf.
It could be done at the message store, perhaps, but not in the MTA.
I second this. MTAs should stay out of it, leaving the
content alone, simply passing traffic. Message Store is an
implementation thing and could legitimately get involved.
While I generally agree, I simply point out the problem that any
signature system with certificates needs to also support revocation of
certificates, and it is highly unlikely that individual mail clients,
especially when offline, will track the entire stream of revoked
certificates or have access to it. Only larger servers, and online
servers, will have reasonable access to the revocation database. This
could be MTAs or message delivery programs, as you say. I simply wish
to point out that end-to-end verification of signatures is not really
workable with offline clients if you want to support signature
revocation.
The USENET-format group is deferring the whole question for now.
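The just-in-time revocation delivery Dan sketches at the top of this message (MTA attaches revocations as a header; the offline MUA acts on them when it reads the message) can be shown end to end in a few dozen lines. The following is an added example, not code from the list or from any of the participants. It assumes two hypothetical header names (`X-Signature-Key-Id` and `X-Certificate-Revocation`), a constructed revocation database held by the online MTA, and, as a stand-in for the CA's signature over a CRL entry, an HMAC under a constructed key that both the revocation authority and the client know. The stand-in keeps the check that matters: the MUA only honours a delivered revocation whose authority signature verifies, so a header forged in transit cannot "revoke" a sender's key; and when nothing is delivered the MUA reports exactly that, rather than claiming the key is good.

```python
"""Just-in-time certificate revocation delivery (added example, not list code).

MTA side: when forwarding a signed message, look up the signing key id in the
revocation database and attach any matching revocation record as a header.
MUA side (offline): read the attached record, verify the authority's
signature over it, and only then treat the signing key as revoked.
"""
import email
import hashlib
import hmac
import json
from email.message import Message

# Hypothetical header names; not from any standard.
SIG_KEY_HDR = "X-Signature-Key-Id"
REVOCATION_HDR = "X-Certificate-Revocation"

# Constructed stand-in for the revocation authority's signing key. A real
# deployment would carry the CA's public-key signature over the CRL entry and
# the MUA would verify it with the CA certificate it already holds.
CA_KEY = b"constructed-ca-key-for-example-only"


def sign_revocation(record: dict) -> str:
    """Authority's signature over a canonical encoding of one revocation record."""
    canon = json.dumps(record, sort_keys=True).encode()
    return hmac.new(CA_KEY, canon, hashlib.sha256).hexdigest()


def revocation_db() -> dict:
    """Constructed revocation database as the always-online MTA would hold it."""
    records = [
        {"key_id": "KEY-0002", "reason": "keyCompromise", "date": "1999-03-20"},
    ]
    return {r["key_id"]: {"record": r, "ca_sig": sign_revocation(r)} for r in records}


def mta_attach_revocations(raw: str, db: dict) -> Message:
    """MTA: forward the message unchanged except for an attached revocation, if any."""
    msg = email.message_from_string(raw)
    key_id = msg.get(SIG_KEY_HDR)
    if key_id and key_id.strip() in db:
        entry = db[key_id.strip()]
        msg[REVOCATION_HDR] = json.dumps(entry, sort_keys=True)
    return msg


def mua_check_offline(msg: Message) -> str:
    """MUA, offline: decide signer status from what arrived with the message.

    Returns "unsigned", "revoked:<reason>" or "no-revocation-delivered".
    """
    key_id = msg.get(SIG_KEY_HDR)
    if not key_id:
        return "unsigned"
    key_id = key_id.strip()
    for hdr in msg.get_all(REVOCATION_HDR, []):
        try:
            payload = json.loads(hdr)
            record, ca_sig = payload["record"], payload["ca_sig"]
        except (ValueError, KeyError, TypeError):
            continue  # malformed header: ignore it, it must not change the verdict
        # Trust the revocation only if the authority's signature over it verifies.
        # Without this, anyone able to inject a header could "revoke" a sender.
        if not hmac.compare_digest(sign_revocation(record), str(ca_sig)):
            continue
        if record.get("key_id") == key_id:
            return "revoked:" + record.get("reason", "unspecified")
    # Nothing valid was delivered. The offline MUA cannot prove the key is good;
    # it can only report that no revocation reached it with this message.
    return "no-revocation-delivered"


# Constructed sample messages (headers only matter for this example).
SAMPLE_OK = (
    "From: alice@example.org\nTo: bob@example.org\n"
    f"{SIG_KEY_HDR}: KEY-0001\nSubject: hello\n\nbody\n"
)
SAMPLE_REVOKED = SAMPLE_OK.replace("KEY-0001", "KEY-0002")


def forged_revocation_message() -> Message:
    """A message where someone in transit injected a bogus revocation for KEY-0001."""
    msg = email.message_from_string(SAMPLE_OK)
    fake = {"record": {"key_id": "KEY-0001", "reason": "keyCompromise",
                       "date": "1999-03-25"}, "ca_sig": "00" * 32}
    msg[REVOCATION_HDR] = json.dumps(fake, sort_keys=True)
    return msg


if __name__ == "__main__":
    db = revocation_db()
    print(mua_check_offline(mta_attach_revocations(SAMPLE_OK, db)))       # no-revocation-delivered
    print(mua_check_offline(mta_attach_revocations(SAMPLE_REVOKED, db)))  # revoked:keyCompromise
    print(mua_check_offline(forged_revocation_message()))                 # no-revocation-delivered
```

The third case is the one to keep in mind when evaluating the proposal: a revocation carried in a header is data from the network, so the MUA has to verify it against the revocation authority's key it already trusts, exactly as it would verify a CRL fetched online. The MTA's job is only to make that signed record available to the client at the moment it is needed.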