ietf-smime

Request: Mail Gateway S/MIME vs TLS

2004-07-30 09:52:42

List,
Let me first tell you that I am not an expert in SMTP so this
question may surely be a bit "off".

Various efforts have been made to create a domain-based
security model for e-mail using PKI.  AFAIK they required
specific certificates for this purpose.

The problem with that is that it has proven hard to get support
for new PKIs and if everybody rolls their own domain certs,
we get an unmanageable system.

Therefore I wonder if it would be technically feasible to
REUSE the already existing web-server PKI for domain-
secured e-mail?

=============================================
 IMHO the Internet Community would gain by having ONE
 PKI structure for domain-secured e-mail *and* web-services.
=============================================

If a new domain (a.k.a. gateway, perimeter, etc.) mail system
also uses TLS instead of S/MIME encryption, I would be even
happier, as TLS is simpler to use: there are no encryption
certificates to acquire and no headers to protect either.

For S/MIME domain signing I believe the very same PKI should
be possible to REUSE in spite of the fact that certs do not contain
a mail address.  I believe domain should be sufficient.

Anders

