-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Saturday 10 August 2002 00:46, Paul Hoffman / IMC wrote:
> At 12:41 AM +0200 8/10/02, Marc Mutz wrote:
> > Oh, and why do Outlook, Notes and Groupwise need plugins for the
> > German S/MIME profile?
> > http://www.bsi.bund.de/aufgaben/projekte/sphinx/interop/ergeb102.htm
> > (sorry, in German, but "Tabelle 2" should be self-explanatory ;-)
>
> It's not, sorry.

Well, every X stands for a point of non-interoperability...

> What is in the "German profile" that isn't in the
> IETF standard?
<snip>
The ISIS/MTTv2 standard consists of six parts, see
http://www.secorvo.de/publikat/mttspc20.zip.
The one most applicable to S/MIME is surely "Profiles for Certificates
and CRLs". It describes on 45 pages what a certificate needs to contain
and where. Same for CRLs.
I translate for you the first few paragraphs of the summary:
Q> The structure of the present document essentially follows that of PKIX
Q> document "Certificate and CRL Profile" [PKIX-PRO 98], which specifies
Q> a profile for an internet-PKI. [...]
Q>
Q> The profiles are based on the current standard X.509v3 [ITU-T X.509
Q> 97], while the v1.1 standard is based on X.509v1. The current
Q> standard allows to insert an unlimited number of additional fields in
Q> a certificate (certificate extensions) and in CRLs. Therefore, for
Q> interop's sake, a suitable selection needs to be carried out. The
Q> profiles serve primarily this purpose.
Q>
Q> Certificates and CRLs need to include all essential information that
Q> is needed for validity checks of digital signatures and keys. Hence
Q> there exists a close relationship between said information and the
Q> validity model(?) used.
Q>
Q> The validity model contained in the present document defines under
Q> which circumstances a digital signature will be considered valid.
Q> This ensures that all MailTrusT components employ the same check
Q> procedures.
Q>
Q> A prerequisite for validity checks is the presence of all needed
Q> certificates and CRLs. Obtaining these objects will generally depend
Q> on information contained in the certificates. This is also covered by
Q> the present document.
Q>
Q> The spec is divided into the following chapters:
Q> 2. definitions
Q> 3. certificate formats: A profile is defined for certificates in a
Q> MailTrusT PKI.
Q> 4. CRL format: A profile is defined for CRLs in a MailTrusT PKI
Q> 5. validity model
Q> 6. check of certificate path
IIRC, this doc needs to concern itself with such seemingly trivial
things as "where do I find the email address to which this certificate
is bound?" for a given certificate...
Marc
Bravely, the little surveillance camera threw itself between perpetrator and victim!
--Rena Tangens / FoeBuD e.V.
- --
Marc Mutz <mutz(_at_)kde(_dot_)org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE9VGJJ3oWD+L2/6DgRAjcyAKD/EtOEh7kgoMhZRBLrMTkGtLoIfQCeMmNJ
5guhs5lNtbIp9vWxnvFGikE=
=DuLY
-----END PGP SIGNATURE-----