I believe some work is being done about this issue and DNS in the PKIX
working group.
Regards.
-----Message d'origine-----
De : owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org]De la part de Julien
Pierre
Envoye : samedi 9 aout 2003 04:07
A : ietf-smime(_at_)imc(_dot_)org
Objet : dissemination of public encryption certificates
Hi,
Since this is my first posting to this mailing list, let me introduce
myself :
I'm a software engineer in AOL / Netscape and one of my responsibilities
for several years has been to maintain the open source Netscape Security
Services (NSS) library, which is used in the Mozilla browsers, many
Netscape and Sun servers, and other internal products. The NSS library
contains an implementation of S/MIME v3.
I was wondering what thoughts you may have on the following problem :
If I have a keypair and e-mail certificate, and I want to send encrypted
e-mail to somebody knowing his e-mail address, what's a systematic way
to obtain the recipient's encryption certificate ?
Traditionally today, signed e-mail messages typically contain the
signer's public encryption certificate. However that means one party
needs to first send a signed unencrypted, e-mail message to transmit the
public encryption certificate before both parties can exchange encrypted
messages.
There are also ways to find recipient certificates today using corporate
directory servers, but users must know about them and manually configure
them in their applications, and they are typically not widely available
on the Internet.
I'm envisioning some standardized scheme where, by starting with the
recipient's email address, it would be possible to locate a public
directory server, then find the recipient's certificate by looking it up
in that directory server.
My main question is : has any similar scheme been proposed ? I would
rather work with something that exists, but if there is nothing that
fits, I'm open to writing an RFC.
Also, what are the other ways that people locate recipient S/MIME e-mail
encryption certificates ?
Thanks.