Re: Reducing signature sizes.

1998-04-08 22:36:53
Also keep in mind that many users will not have access to such a
repository, either because they have e-mail-only connectivity, or
they are running offline when reading their mail.  It seems like
a bad idea to build the assumption into S/MIME that everyone is
always connected to the global internet.


David P. Kemp wrote:

From: Dr Stephen Henson <shenson(_at_)bigfoot(_dot_)com>

In the minimal case the user's certificate will not be provided. Also
since some of the CAs include the large disclaimers in the user
certificate this won't always help.

I agree with Steve.  The issuer name and serial number contained in
SignerInfo is sufficient to retrieve the user's certificate from
a repository.  If there were a global repository nothing more would
be needed.  However, there isn't.

It would be useful to define an S/MIME "subjectCertRepository"
attribute: a URI with syntax IA5String (as used in GeneralName).
This attribute, along with issuer/serial and a suitable amount of
handwaving would allow the user's cert to be retrieved using
LDAP, ftp, http, etc.
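
The attribute proposed in the quoted message, sketched as an added example (not code from the thread or from any S/MIME specification): it encodes the URI as an IA5String inside a CMS-style Attribute and, on the receiving side, refuses URI schemes outside an allowlist before any retrieval is attempted. The OID 2.999.1 is a placeholder from the ISO/ITU-T example arc, and the function names, the sample URIs and the allowlist (ldap, ftp, http only) are assumptions.

```python
# Added example. OID 2.999.1 is a placeholder under the ISO/ITU-T example arc;
# no OID for "subjectCertRepository" appears in the message.
PLACEHOLDER_OID = bytes.fromhex("0603883701")  # OBJECT IDENTIFIER 2.999.1
ALLOWED_SCHEMES = {"ldap", "ftp", "http"}      # access methods named in the message

def _tlv(tag: int, body: bytes) -> bytes:
    """DER tag-length-value, short or long definite length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    length = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(length)]) + length + body

def _read_tlv(data: bytes, pos: int, tag: int):
    """Return (body, next_pos) for the TLV at pos; reject wrong tag or bad length."""
    if pos + 2 > len(data) or data[pos] != tag:
        raise ValueError("unexpected tag or truncated data")
    n, pos = data[pos + 1], pos + 2
    if n & 0x80:                                # long form: next k bytes hold the length
        k = n & 0x7F
        if k == 0 or pos + k > len(data):
            raise ValueError("bad length encoding")
        n, pos = int.from_bytes(data[pos:pos + k], "big"), pos + k
    if pos + n > len(data):
        raise ValueError("length runs past end of data")
    return data[pos:pos + n], pos + n

def encode_repo_attribute(uri: str) -> bytes:
    """Attribute ::= SEQUENCE { attrType OID, attrValues SET OF IA5String }"""
    value = uri.encode("ascii")                 # IA5String is 7-bit; non-ASCII raises
    return _tlv(0x30, PLACEHOLDER_OID + _tlv(0x31, _tlv(0x16, value)))

def decode_repo_attribute(der: bytes) -> str:
    """Return the URI, refusing any scheme outside the allowlist."""
    seq, end = _read_tlv(der, 0, 0x30)
    if end != len(der) or not seq.startswith(PLACEHOLDER_OID):
        raise ValueError("not a well-formed subjectCertRepository attribute")
    values, _ = _read_tlv(seq, len(PLACEHOLDER_OID), 0x31)
    raw, _ = _read_tlv(values, 0, 0x16)
    uri = raw.decode("ascii")
    if uri.split(":", 1)[0].lower() not in ALLOWED_SCHEMES:
        raise ValueError("repository URI scheme not permitted")
    return uri
```

For a short URI the encoding adds 11 bytes of overhead on top of the URI itself. A client that is offline can decode the attribute and defer the lookup.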
