Re: Problem for public CAs

At 04:10 PM 2/14/00 -0700, Bob Jueneman wrote:

Instead, in the case of a signed message the From address should be viewed
as secondary, and the certificate contents the primary information.

From a security standpoint, this is right. From a UI standpoint, it mightnot be. Assume I have a different email address in my cert than in theFrom: header of a message I send you, that your S/MIME client has informedyou of that, and you agreed. Now you want to reply to my message. Youprobably don't want to reply to the email address in my cert, but youmight. There are essentially two From vales: the certificate one and theinsecure-and-possibly-altered one.

Of course, we have to face the fact that NEITHER the DN nor the RFC822 address
may be particularly relevant or informative.


Exactly right.

And, no, I'm not proposing a solution here.

--Paul Hoffman, Director
--Internet Mail Consortium

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Problem for public CAs, (continued) Re: Problem for public CAs, HORII Naoto RE: Problem for public CAs, David P. Kemp RE: Problem for public CAs, Tim Dean Re: Problem for public CAs, David P. Kemp Re: Problem for public CAs, Dean Povey Re: Problem for public CAs, John_Payne Re: Problem for public CAs, David P. Kemp Re: Problem for public CAs, Dean Povey Re: Problem for public CAs, David P. Kemp Re: Problem for public CAs, Bob Jueneman Re: Problem for public CAs, Paul Hoffman / IMC <= RE: Re: Problem for public CAs, bartley . o'malley

Previous by Date:	Re: Problem for public CAs, Bob Jueneman
Next by Date:	RE: Re: Problem for public CAs, bartley . o'malley
Previous by Thread:	Re: Problem for public CAs, Bob Jueneman
Next by Thread:	RE: Re: Problem for public CAs, bartley . o'malley
Indexes:	[Date] [Thread] [Top] [All Lists]