ietf-smime

Checking the From address against the cert (was RE: draft-ietf-smime-cert)

1997-12-16 22:47:38
On Tuesday, December 16, 1997 3:51 PM, Anil R. Gangolli
[SMTP:gangolli(_at_)StructuredArts(_dot_)com] wrote:
Elliott N Ginsburg wrote:

There are several issues to be addressed in this draft:
1) Should there be mandatory processing of email addresses in
certificates

Yes, we discussed this at length in forming the current draft.  I believe it was
agreed that we should make a check mandatory, but there was well-warranted
resistance toward putting anything about how success or failure of this
check would end up at any presentation or application layer.  It was agreed
this was outside the scope of the spec.

We had another discussion about this at the WG meeting in DC.  I believe
that Jim Schaad and I come down on the side of "the RFC822 name is
unauthenticated, so any comparison to information in the certificate is
interesting, but not necessarily useful."

I don't know if there is any further action we should take with this,
but the rathole detector went off during the WG meeting and we squashed
the discussion (Paul suggested we should bring it up on the list, which
has happened).  As you point out, perhaps more discussion in the
Security Considerations section would be useful.

Blake
--
Blake C. Ramsdell
Worldtalk Corporation
For current info, check http://www.deming.com/users/blaker
Voice +1 425 882 8861 x103  Fax +1 425 882 8060

