
RE: Corporate Key mechanism

1998-01-23 14:41:26
On Friday, January 23, 1998 1:30 PM, jsp(_at_)jgvandyke(_dot_)com
[SMTP:jsp(_at_)jgvandyke(_dot_)com] wrote:
I respectfully disagree that we should add complexity to the S/MIME specs to support key recovery.  If a user community desires to support key recovery, then they can populate a private extension in each of their subscriber's certs that specifies the "corporate key" cert.  When the application builds a CMS envelopedData for the recipient, then the app examines the private extension in the recipient's cert to determine the "corporate key" cert.  Then the app can build a recipientInfo for the "corporate key" cert in addition to the recipient's recipientInfo.  This strategy can be implemented without mentioning it in the S/MIME specs at all.

I agree completely -- the only point that Steve was making is that this
is a useful thing in some communities, and we should try to standardize
it so that different products will interoperate.  The best way that this
can happen is to have a draft that either lives in the S/MIME or PKIX WG
that explains how it should be implemented.

It seems to me that a draft that explains this can be relatively short:

1. Define an X.509 v3 extension OID
2. Define a syntax for this extension (in this case, a complete X.509
certificate)
3. Define semantics for using this extension (create another
recipientInfo for that certificate)
4. Explain the political implications, when the criticality flag should
be set, etc.

Putting on my "I'm a capitalist scumbag with a fiduciary responsibility
to my shareholders, blah, blah" hat for a second, this is an issue that
we would like to investigate due to large customer demand.  The question
is whether or not this is useful to the S/MIME community at large, the
X.509 community at large, or it's just an issue for us.

Blake
--
Blake C. Ramsdell
Worldtalk Corporation
For current info, check http://www.deming.com/users/blaker
Voice +1 425 882 8861 x103  Fax +1 425 882 8060
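The four-step draft outlined in Blake's message, as an added illustration (not code from the thread or from any S/MIME product): a self-signed "corporate key" cert is embedded, as DER, in a placeholder private extension of a subscriber cert, and the enveloping application reads that extension to decide which certs each get a RecipientInfo. The OID, the names and the self-signed test certs are all constructed for the example.

```python
# Added illustration; the OID, names and certificates are hypothetical placeholders.
import datetime as dt
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa

# Step 1: a private-arc OID for the "corporate key" extension (placeholder, not registered).
CORPORATE_KEY_OID = x509.ObjectIdentifier("1.3.6.1.4.1.99999.1")


def _self_signed(cn, extra_ext=None, critical=False):
    """Build a self-signed test cert; used only to construct sample input offline."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    now = dt.datetime.now(dt.timezone.utc)
    builder = (x509.CertificateBuilder().subject_name(name).issuer_name(name)
               .public_key(key.public_key()).serial_number(x509.random_serial_number())
               .not_valid_before(now).not_valid_after(now + dt.timedelta(days=1)))
    if extra_ext is not None:
        # Step 4: the criticality flag is the issuer's choice; a relying party that does
        # not understand a critical extension must reject the cert, so non-critical is the
        # interoperable default while the extension is private.
        builder = builder.add_extension(extra_ext, critical=critical)
    return builder.sign(key, hashes.SHA256())


def build_sample():
    """Constructed sample input: a corporate cert carried inside a subscriber's cert."""
    corp = _self_signed("Corporate Key")
    # Step 2: the extension value is a complete DER-encoded X.509 certificate.
    ext = x509.UnrecognizedExtension(CORPORATE_KEY_OID, corp.public_bytes(serialization.Encoding.DER))
    return _self_signed("Alice Subscriber", ext), corp


def corporate_cert_from(recipient_cert):
    """Return the corporate cert named by the recipient's extension, or None if absent."""
    try:
        ext = recipient_cert.extensions.get_extension_for_oid(CORPORATE_KEY_OID)
    except x509.ExtensionNotFound:
        return None
    # Parse failure (ValueError) means a malformed extension; let it surface rather than
    # silently enveloping for a single recipient.
    return x509.load_der_x509_certificate(ext.value.value)


def envelope_recipients(recipient_cert):
    """Step 3: the certs that each get their own RecipientInfo in one CMS EnvelopedData."""
    certs = [recipient_cert]
    corp = corporate_cert_from(recipient_cert)
    if corp is not None:
        certs.append(corp)
    return certs
```

The list returned by `envelope_recipients` is what a CMS encoder would iterate over when creating one KeyTransRecipientInfo per cert for the same content-encryption key.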

