Yes, certs issued from a W2K CA can be used for S/MIME, and no less so than
certs issued from Baltimore, Iplanet or any other CA vendor or product. The
main issue is not will they work, but will you be able to validate the
certs. Unless the person issuing the cert from W2K has provided you with
their server's cert, or they have certified their CA with the signature of
the publicly known CAs you will not be able to easily verify the signature
to its source. This is not the most technically acurate way of saying this
but I'm not awake yet. Baltimore has preregistered there CA with the
vendors distributing products, as has Verisign, Thaught, and many others.
Just make certain that you have the certificates for the W2K CA, and access
to its revocation list so you can validate properly and you'll be fine.
Senior IT Analyst
Please note: GTE Internetworking is now Genuity.
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org]On Behalf Of Laurent
Sent: Thursday, May 11, 2000 5:45 AM
Subject: Does Smime works fine with Windows 2000 PKI
Just a question :
Is there any known issues using S/MIME with Win2000PKI-certificates ?
More generally, are Win2000 certificates usable with (and
understood by ) the others mailers (especially Lotus Notes,
Netscape, Eudora +plug-in?)
Isn't Baltimore Unicert a "better choice" due to its greater
Any advices are welcome.
Walter B Williams.vcf