From: "Anil R. Gangolli" <gangolli(_at_)StructuredArts(_dot_)com>
Since there are a number of mechanisms in use today that allow PKCS-10
submitted over other certificate management protocol schemes (e.g. ones
using
HTTP and HTML forms). I think there is value in separating these and
including both, as well as in indicating the acceptability of e-mail and
other submission schemes incorporating PKCS-10 but not necessarily
PKIX CMP.
I also think that the level of support for PKIX CMP is not adequate
to merit its specification as the sole means of certification request
in the S/MIME v3 timeframe.
Anil,
You are, as usual, correct. S/MIME may specify the optional use of any
number of certificate management request message formats and transport
mechanisms, including various combinations of PKCS-7, PKCS-10, HTML,
HTTP, SMTP, FTP, etc.
But IMO, IETF S/MIME should specify a single certificate management
message format as a MUST-implement, and that should be the syntax
specified by PKIX CMP. Implementors are always free to include
additional functionality over and above that required by the spec.
I expect most vendors will offer both S/MIME v2 and legacy PKCS-10
support even if S/MIME v3 does not require them.