ietf-smime
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Multiple e-mail addresses

2000-06-04 14:50:35
from [Raviv Karnieli] [Permanent Link] 
Hi Russ,

I attached the relevant paragraph from the last WG Minutes. I wonder if
farther work was done on these issues, which I find very important for a
workable S/MIMEv3 implementation.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Application of Attribute Certificates (AC) in S/MIME - Greg Colla

Greg's briefing addressed the topic of checking the e-mail address
of the signedData signer against the e-mail address in the signer's
certificate.

Greg briefed that there are problems with binding the subject's e-mail
address with the subject's public key in an X.509 public key certificate
such as:
- Multiple e-mail addresses
- Maintenance of e-mail addresses
- Security Proxy (a proxy signs and decrypts on behalf of many users)
- Privacy/Spam

Greg briefed the following requirements:
Address Aliasing: Associate a single entity with multiple e-mail
    addresses, with a single PKC.
Secure Proxying: Associate multiple entities, each with their own
    e-mail address,  with a common PKC.
Address Sharing: Associate multiple entities, each with their own PKC,
    with a single e-mail address.

Greg proposed the following:
- Maintenance of e-mail addresses limits S/MIME usability
- ACs can be used to cryptographically bind e-mail addresses with PK
   certificates
- E-mail ACs provide a flexible solution for maintaining e-mail 
   addresses
- Supplements current infrastructure
- Localized modifications required to S/MIME components to use 
   E-mail ACs
- E-mail ACs can be used to solve other S/MIME limitations

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Thanks,

Raviv Karnieli - CTO
Vanguard Security Technologies Ltd.
Tel. +972-4-989-1311       Fax +972-4-989-1322
www.vguard.com             raviv(_at_)vguard(_dot_)com

This message left my computer secured since I'm using 
MAILguardian Enterprise the first true end to end enterprise e-mail security
solution that is policy based, centrally managed and totally transparent to
the end users.

You can get your own free evaluation copy of MAILguardian 
at http://www.vguard.com/prod.asp
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • Multiple e-mail addresses, Raviv Karnieli <=
Previous by Date:  SMIME cert dist draft and X.509, Sharon Boeyen
Next by Date:  RE: Final 29 March 2000 S/MIME WG Minutes, Raviv Karnieli
Previous by Thread:  SMIME cert dist draft and X.509, Sharon Boeyen
Next by Thread:  RE: Final 29 March 2000 S/MIME WG Minutes, Raviv Karnieli
Indexes:  [Date] [Thread] [Top] [All Lists]