There have been a number of messages recently about the use of PKI with
S/MIME, and the concerns about that. I like to think that we're all
pretty much in agreement that we've established a consistent,
interoperable practice for the actual syntax and contents of S/MIME
messages, as well as a reasonable cut of a certificate syntax profile
for end-entity certificates.

Should there be a profile for certificate usage (certificate repository,
distribution and revocation checking) that is specific for our problem
domain? That is, select relevant other work and profile it for use in
the S/MIME interpersonal messaging domain? I would imagine that this
would be a new draft, start with a summary of the requirements, and
progress to profiles of relevant standards.

It's also not clear if this is something to discuss in this working
group, or somewhere else.

Comments?

Blake
--
Blake Ramsdell | Brute Squad Labs | http://www.brutesquadlabs.com