jpierre(_at_)netscape(_dot_)com (Julien Pierre) writes:
I was wondering what thoughts you may have on the following problem :
If I have a keypair and e-mail certificate, and I want to send encrypted
e-mail to somebody knowing his e-mail address, what's a systematic way
to obtain the recipient's encryption certificate ?
[...]
I'm envisioning some standardized scheme where, by starting with the
recipient's email address, it would be possible to locate a public
directory server, then find the recipient's certificate by looking it up
in that directory server.
Sure. See
http://www.ietf.org/internet-drafts/draft-ietf-pkix-certstore-http-05.txt,
which proposes various methods of automated cert discovery, not just for
email clients but also for things like embedded devices. The automated
discovery work is related to other work I did for automated PKI service
discovery, available at
http://www.usenix.org/publications/library/proceedings/sec03/tech/gutmann.html.
It'll also be available from my home page in a week or two when I get back
home (uhh, and ignore the tongue-in-cheek comments about AOL users in there
:-).
Peter.