On Fri, 2005-02-25 at 17:45 -0800, Hallam-Baker, Phillip wrote:
I still fail to see how you are improving on the paper written by Russ
Housely who I think knows rather more about this area than you have
demonstrated so far.
The excellent review by Russell Housley raised concerns. The draft I
provided offers modest and practical solutions for these concerns, while
considering their impact and rational.
When done on a per-user per-email-message basis at the MTA, requirements
for certificates and revocation information appear problematic in terms
of both storage and traffic burden. While OCSP does not appear well
suited for this purpose, rather than discussing merits of a particular
polling scheme, I was attempting to consider just those immutable
elements.
If you wish to assemble cost/overhead estimates for scaling an
implementation of certificates to the email user level, and I will be
happy to include those calculations. I am sure there will be many
wanting to review this alternative.
-Doug