ietf-smime
[Top] [All Lists]

RE: DOMSEC anybody?

2001-04-17 02:42:18
Hi Anders,

Comments below.

-----Original Message-----
From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org]On Behalf Of Anders 
Rundgren
Sent: 16 April 2001 11:54
To: ietf-smime(_at_)imc(_dot_)org
Subject: DOMSEC anybody?


Hi
I think DOMSEC is a very powerful concept but it does not seem to
be widely adapted
and the S/MIME-list contains almost no dicussions.

What I wonder if you out there have:

1. Any working implementions

We have had an implementation built for us. It is intended to have a
commercially available version soon.


2. A possibility to send me an entire signed DOMSEC-compatible
S/MIME container

We are currently integrating the module into a messaging solution. Once this
has been achieved we will be able to provide DOMSEC messages.


Technical questions regarding DOMSEC:

Q1: If an e-mail server is not setup for DOMSEC will the
end-destination still get
the message without interoperability problems?

A couple of issues spring to mind.

1) There may be a name mismatch warning due to the subject name in the
certificate being different to the sender of the message. This should not
cause interoperability. I believe that Microsoft no longer do this check.

2) There is a possibility that the innermost signature on a DOMSEC message
will contain no elements in the signerInfos. This is known as an empty
signature. There are some solutions that assume that a signedData with no
elements in the signerInfos only carries a certificate. This will cause a
problem.

Bill


Q2: Are there any TTPs issuing suitable certificates today in the
same way as they do for Web (domain)-servers?

Q3: Couldn't a single certificate actually serve both of these purposes?

Regards
Anders Rundgren
X-OBI



<Prev in Thread] Current Thread [Next in Thread>
  • DOMSEC anybody?, Anders Rundgren
    • RE: DOMSEC anybody?, William Ottaway <=