Re: The address-in-certs issue

ietf-smime

Re: The address-in-certs issue

1997-12-17 14:23:42

David, I'm not sure what you *would* put in the signature and the cert,
then. When I receive a signed message, I want to verify that it came from
someone I trust. The "came from" information is in the unauthenticated
RFC822 headers. With some DN in the signature and cert, I can verify that
the signature was made by someone our mutually-trusted CA says it does, but
there is no binding between that and the message I received.

My question is, if we don't use mail addresses in mail signatures and
certs, what do we use? Or, are you suggesting we say "you cannot validate
signatures on email as being associated with them messages"?


--Paul Hoffman, Director
--Internet Mail Consortium

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
The address-in-certs issue, Paul Hoffman / IMC Re: The address-in-certs issue, Anil R. Gangolli Re: The address-in-certs issue, Russ Housley Re: The address-in-certs issue, Elliott N Ginsburg Re: The address-in-certs issue, David P. Kemp Re: The address-in-certs issue, Paul Hoffman / IMC <= Re: The address-in-certs issue, John Gardiner Myers Re: The address-in-certs issue, Elliott N Ginsburg Re: The address-in-certs issue, John Gardiner Myers Re: The address-in-certs issue, Elliott N Ginsburg RE: The address-in-certs issue, Ron Craswell Re: The address-in-certs issue, John Pettitt Re: The address-in-certs issue, Stefan Kelm RE: The address-in-certs issue, Scott Hollenbeck RE: The address-in-certs issue, Tim Dean Re: The address-in-certs issue, David P. Kemp

Previous by Date:	re: draft-ietf-smime-cert, Ed Gerck
Next by Date:	RE: S/MIME counter-signature: comment and question -Reply, Trevor Freeman
Previous by Thread:	Re: The address-in-certs issue, David P. Kemp
Next by Thread:	Re: The address-in-certs issue, John Gardiner Myers
Indexes:	[Date] [Thread] [Top] [All Lists]