[Top] [All Lists]

RE: Does Smime works fine with Windows 2000 PKI

2000-05-11 05:47:57

Yes, certs issued from a W2K CA can be used for S/MIME, and no less so than
certs issued from Baltimore, Iplanet or any other CA vendor or product.  The
main issue is not will they work, but will you be able to validate the
certs.  Unless the person issuing the cert from W2K has provided you with
their server's cert, or they have certified their CA with the signature of
the publicly known CAs you will not be able to easily verify the signature
to its source.  This is not the most technically acurate way of saying this
but I'm not awake yet.  Baltimore has preregistered there CA with the
vendors distributing products, as has Verisign, Thaught, and many others.
Just make certain that you have the certificates for the W2K CA, and access
to its revocation list so you can validate properly and you'll be fine.

Walt Williams
Senior IT Analyst

Please note: GTE Internetworking is now Genuity.

-----Original Message-----
From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org]On Behalf Of Laurent 
Sent: Thursday, May 11, 2000 5:45 AM
To: ietf-smime
Subject: Does Smime works fine with Windows 2000 PKI

Hi everybody,

Just a question :

Is there any known issues using S/MIME with Win2000PKI-certificates ?
More generally, are Win2000 certificates usable with (and
understood by ) the others mailers (especially Lotus Notes,
Netscape, Eudora +plug-in?)

Isn't Baltimore Unicert a "better choice" due to its greater
compatibility ?

Any advices are welcome.


Laurent Deffranne

Attachment: Walter B Williams.vcf
Description: Vcard