[Top] [All Lists]

Multiple e-mail addresses

2000-06-04 14:50:35
Hi Russ,

I attached the relevant paragraph from the last WG Minutes. I wonder if
farther work was done on these issues, which I find very important for a
workable S/MIMEv3 implementation.


Application of Attribute Certificates (AC) in S/MIME - Greg Colla

Greg's briefing addressed the topic of checking the e-mail address
of the signedData signer against the e-mail address in the signer's

Greg briefed that there are problems with binding the subject's e-mail
address with the subject's public key in an X.509 public key certificate
such as:
- Multiple e-mail addresses
- Maintenance of e-mail addresses
- Security Proxy (a proxy signs and decrypts on behalf of many users)
- Privacy/Spam

Greg briefed the following requirements:
Address Aliasing: Associate a single entity with multiple e-mail
    addresses, with a single PKC.
Secure Proxying: Associate multiple entities, each with their own
    e-mail address,  with a common PKC.
Address Sharing: Associate multiple entities, each with their own PKC,
    with a single e-mail address.

Greg proposed the following:
- Maintenance of e-mail addresses limits S/MIME usability
- ACs can be used to cryptographically bind e-mail addresses with PK
- E-mail ACs provide a flexible solution for maintaining e-mail 
- Supplements current infrastructure
- Localized modifications required to S/MIME components to use 
   E-mail ACs
- E-mail ACs can be used to solve other S/MIME limitations



Raviv Karnieli - CTO
Vanguard Security Technologies Ltd.
Tel. +972-4-989-1311       Fax +972-4-989-1322             raviv(_at_)vguard(_dot_)com

This message left my computer secured since I'm using 
MAILguardian Enterprise the first true end to end enterprise e-mail security
solution that is policy based, centrally managed and totally transparent to
the end users.

You can get your own free evaluation copy of MAILguardian 

<Prev in Thread] Current Thread [Next in Thread>
  • Multiple e-mail addresses, Raviv Karnieli <=