On Jan 12, 2008, at 2:17 AM, Peter Gutmann wrote:
Someone recently asked on a security list whether there was a simple way of
putting your public key on a web server based on "a set of goals, hopefully
sufficiently unambitious, so one knows what one wants to do very precisely.
Given those, I suspect a decent spec replacing hundreds of pages of currently
'standard' and useless mechanism could be crafted in about 10 to 30 pages)".
My response was "You've just described RFC 4387 :-)". The list reaction was
that no-one had known until then that this document even existed, so I'm
posting this to a couple of lists where people might find it useful.

Don't be misled by the title (http://www.ietf.org/rfc/rfc4387.txt), it was
published under the auspices of PKIX but it's really "a simple, fairly
universal means of publishing your public key via HTTP". The CACert folks
have set up a Wiki page to cover implementation info, feedback, and comments:
http://wiki.cacert.org/wiki/RFC4387.

(Please, no religious arguments over this: If you think it's useful, implement
it. If not, ignore it).

Peter--
Very timely; we were just discussing something essentially like this
around my office last week. I see you've got cryptlib support, but
are there any other implementations in the pipeline?
-- Tim