----------
From: Phillip M Hallam-Baker[SMTP:pbaker(_at_)verisign(_dot_)com]
Sent: Wednesday, December 17, 1997 3:54 PM
The issue is whether someone can send confidential
information to the subject of the certificate. If there is no
email address they are not going to be able to use it for
S/MIME.
I may have missed something here. Is there an OID or
something in the X.509 certificate that identifies it as an
S/MIME certificate?
This is the real problem. But consider what happens if there is
no email address in the cert - you don't know how to contact the
person.
This is like saying that without caller id, you don't know how to
call someone because you don't know what there phone number
is.
Phill
Another point -- If I am using a non-Internet client i.e. Microsoft
Mail, and I am sending to a person inside of my local enclave, My
client knows nothing about any RFC822 addresses. That only
comes into play when I send it out through a gateway.
Larry