ietf-smime

RE: dissemination of public encryption certificates

2003-08-13 16:18:44
Philip,

Hallam-Baker, Phillip wrote on 08/11/2003, 16:55:

        This issue is one of the main use cases for XKMS. This has
considerable support within the PKI community, VeriSign, Microsoft, RSA,
Entrust and Baltimore have been involved in writing the specification
which is in the final post last call stage in W3C.

        The (almost) final spec is to be found at
        http://www.w3.org/2001/XKMS/Drafts/XKMS20030804/xkms-part-1.html
        http://www.w3.org/2001/XKMS/Drafts/XKMS20030804/xkms-part-2.html

        There will be two further changes to the spec, one to make a
minor tweak to the schema sometime this week, the second to change the
examples to use exclusive C18N.

        An XKMS locate service may be advertised in the DNS using the
SRV record. So to send mail to alice@example.com you do an XKMS locate
to _xkms_http._tcp.example.com.
That gives you the XKMS service.

        You then do a locate for a certificate to be used with S/MIME.

Thanks. This is very interesting and I will need to read more on XKMS. 
Until I do, you may be able to answer the following question: can the 
XKMS be easily delegated by the domain owner to a third party in the 
DNS, just like mail and web services usually are typically delegated 
today? It certainly looks like it from the above, but I just want a 
confirmation.

-- 
I am the dog in dogfood



Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
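
The SRV-based discovery step described in the quoted message, sketched as an added example that is not part of either message or of the XKMS specification: it derives the `_xkms_http._tcp` owner name from a mail address and orders the SRV answers the way RFC 2782 prescribes. The zone data is constructed for illustration, and the host names under `pki-provider.example` are hypothetical.

```python
import random
from typing import NamedTuple

# Constructed sample zone data (not from the original message).
SAMPLE_ZONE = """\
_xkms_http._tcp.example.com. 3600 IN SRV 10 60 80 xkms1.pki-provider.example.
_xkms_http._tcp.example.com. 3600 IN SRV 10 40 80 xkms2.pki-provider.example.
_xkms_http._tcp.example.com. 3600 IN SRV 20 0 8080 backup.example.com.
_sip._tcp.example.com.       3600 IN SRV 10 0 5060 sip.example.com.
"""

class Srv(NamedTuple):
    priority: int
    weight: int
    port: int
    target: str

def xkms_srv_name(address):
    """SRV owner name of the XKMS locate service for a mail address's domain."""
    local, sep, domain = address.rpartition("@")
    if not (sep and local and domain):
        raise ValueError(f"not a mail address: {address!r}")
    return "_xkms_http._tcp." + domain.rstrip(".").lower()

def parse_srv(zone_text, owner):
    """Parse 'owner TTL IN SRV priority weight port target' lines for one owner."""
    records = []
    for line in zone_text.splitlines():
        f = line.split(";")[0].split()  # drop zone-file comments
        if len(f) == 8 and f[0].rstrip(".").lower() == owner and f[2:4] == ["IN", "SRV"]:
            records.append(Srv(int(f[4]), int(f[5]), int(f[6]), f[7].rstrip(".").lower()))
    return records

def order_targets(records, rng=random):
    """(host, port) pairs in RFC 2782 order: lowest priority value first,
    weighted random choice among records that share a priority."""
    if len(records) == 1 and records[0].target == "":
        return []  # a lone target of "." means the service is not offered
    ordered = []
    for prio in sorted({r.priority for r in records}):
        pool = [r for r in records if r.priority == prio]
        while pool:
            # weight 0 keeps a small, non-zero chance of being picked
            pick = rng.choices(pool, weights=[max(r.weight, 0.01) for r in pool])[0]
            pool.remove(pick)
            ordered.append((pick.target, pick.port))
    return ordered

if __name__ == "__main__":
    name = xkms_srv_name("alice@example.com")
    print(name, order_targets(parse_srv(SAMPLE_ZONE, name)))
```

The lookup only tells the client where to send the locate request; unless the zone is DNSSEC-signed the SRV answer is unauthenticated, so trust in a returned certificate has to come from validating the certificate, not from the DNS response.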