ietf-smime
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Are certificates _required_ by the sender?

2002-05-08 14:39:26
from [Craig McGregor] [Permanent Link] 

Hi Ben,

Although I have not tested this theory, I suspect it is so that it can
encrypt the message both for the recipient and sender. Otherwise the
sender could not read their message from their sent items folder without
access to the recipients private key - which of course is a no-no!

Nothing in the S/MIME RFC's says you _have_ to have one. You should be
able to happily encrypt but not sign e-mail without one. Practicalities
mean for certain functionality in clients it may be necessary to have
your own certificate.

--
Craig McGregor          
Security Specialist     
IT Systems                      http://e.govt.nz/see/mail
The Treasury            http://www.treasury.govt.nz
 



-----Original Message-----
From: Ben Littauer [mailto:littauer(_at_)blkk(_dot_)com]
Sent: Thursday, 9 May 2002 4:08 a.m.
To: ietf-smime(_at_)imc(_dot_)org
Subject: RE: Are certificates _required_ by the sender?



Interesting you should ask this right now.  I don't believe that there
is
any S/MIME requirement that says that the sender needs a cert.  That
said,
however, MS Outlook DOES require that you have a cert before it will let
you
encrypt a message on someone else's cert that you've received.  Does
anyone
know why this is?

-ben-

-----Original Message-----
From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org]On Behalf Of Terje 
Tollisen
Sent: Wednesday, May 08, 2002 5:26
To: ietf-smime(_at_)imc(_dot_)org
Subject: Are certificates _required_ by the sender?



Is the sender of an email required to have a certificate, or is it
sufficient for the sender to have a copy of the certificate of the
recipient? I am thinking of an automated system, where one party will
always
be the sender, and never receive emails. In addition, no signatures are
required. Thus nobody will ever actually need the public key for the
automated system. However, I'm uncertain if the sender can send S/MIME
messages without having a certificate of it's own.

Thanks for your time
-Terry Tollisen

--
_______________________________________________
Sign-up for your own FREE Personalized E-mail at Mail.com
http://www.mail.com/?sr=signup
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Are certificates _required_ by the sender?, Ben Littauer
Next by Date:  Next Draft of Proposed Charter, Housley, Russ
Previous by Thread:  Re: Are certificates _required_ by the sender?, Housley, Russ
Next by Thread:  RE: Are certificates _required_ by the sender?, Housley, Russ
Indexes:  [Date] [Thread] [Top] [All Lists]