Bob said:
3. The much more significant point, unless I've overlooked a
"directoryCapabilities" attribute in the S/MIME spec somewhere, is that
both the originating and receiving application are completely clueless
as to where to find either the directory itself, or the http provider.
Once I use mental telepathy to figure out the DSN name of the server
where the user chose to publish his certificate(s), then I can start
rummaging around through either LDAP or HTTP, trying to guess the
schema, and which index to use to locate that user's certificate.

Those are the points we ought to be focussing on, IMHO.

Well this was actually my main point. I have been trying to persuade
folk to take the SRV record seriously and use it for this purpose for
two years...

So what is stopping the email client application vendors?
Phill
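
The SRV-based discovery discussed in this exchange, sketched as an added example that is not part of the original messages: it derives the SRV owner name from a correspondent's address and orders the answers the way RFC 2782 specifies. The `_ldap._tcp` labels and the example.com records are assumptions constructed for illustration; the thread names no service label.

```python
import random
from dataclasses import dataclass

@dataclass(frozen=True)
class Srv:
    priority: int
    weight: int
    port: int
    target: str

def srv_query_name(email, service="ldap", proto="tcp"):
    """Owner name to query for the directory of this address's domain.
    The "ldap"/"tcp" labels are an assumption, not taken from the thread."""
    local, sep, domain = email.strip().rpartition("@")
    if not (local and sep and domain):
        raise ValueError(f"not an e-mail address: {email!r}")
    return f"_{service}._{proto}.{domain.lower().rstrip('.')}."

def order_targets(records, rng=random):
    """Order SRV answers as RFC 2782 describes: lowest priority first,
    weighted random selection inside each priority level."""
    if len(records) == 1 and records[0].target == ".":
        return []  # the domain states that it does not offer this service
    ordered = []
    for prio in sorted({r.priority for r in records}):
        # Zero-weight records go first so they keep a small chance of selection.
        group = sorted((r for r in records if r.priority == prio),
                       key=lambda r: r.weight)
        while group:
            pick = rng.randint(0, sum(r.weight for r in group))
            running = 0
            for i, rec in enumerate(group):
                running += rec.weight
                if running >= pick:
                    ordered.append(group.pop(i))
                    break
    return ordered

# Constructed sample answer for _ldap._tcp.example.com. (not real DNS data)
SAMPLE = [
    Srv(20, 0, 389, "backup-dir.example.com."),
    Srv(10, 60, 389, "dir1.example.com."),
    Srv(10, 40, 389, "dir2.example.com."),
]

if __name__ == "__main__":
    print(srv_query_name("bob@example.com"))
    for rec in order_targets(SAMPLE):
        print(rec.priority, rec.weight, f"{rec.target}:{rec.port}")
```

A client that finds the directory this way should still validate any certificate it retrieves against its own trust anchors, since the DNS answer only says where to look.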