Hi Russ,
I attached the relevant paragraph from the last WG Minutes. I wonder if
further work was done on these issues, which I find very important for a
workable S/MIMEv3 implementation.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Application of Attribute Certificates (AC) in S/MIME - Greg Colla
Greg's briefing addressed the topic of checking the e-mail address
of the signedData signer against the e-mail address in the signer's
certificate.
Greg briefed that there are problems with binding the subject's e-mail
address with the subject's public key in an X.509 public key certificate
such as:
- Multiple e-mail addresses
- Maintenance of e-mail addresses
- Security Proxy (a proxy signs and decrypts on behalf of many users)
- Privacy/Spam
Greg briefed the following requirements:
Address Aliasing: Associate a single entity with multiple e-mail
addresses, with a single PKC.
Secure Proxying: Associate multiple entities, each with their own
e-mail address, with a common PKC.
Address Sharing: Associate multiple entities, each with their own PKC,
with a single e-mail address.
Greg proposed the following:
- Maintenance of e-mail addresses limits S/MIME usability
- ACs can be used to cryptographically bind e-mail addresses with PK
certificates
- E-mail ACs provide a flexible solution for maintaining e-mail
addresses
- Supplements current infrastructure
- Localized modifications required to S/MIME components to use
E-mail ACs
- E-mail ACs can be used to solve other S/MIME limitations
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Thanks,
Raviv Karnieli - CTO
Vanguard Security Technologies Ltd.
Tel. +972-4-989-1311 Fax +972-4-989-1322
www.vguard.com raviv(_at_)vguard(_dot_)com