On 2013-07-30 08:10, Kohei Kasamatsu wrote:
> Hi, SMIME list
>
> There are many MUA implementations for S/MIME and some banks or
> corporations are using digital signatures for their messages.
> But in such cases, there are several points that would hopefully be
> taken care of in the technical aspects of S/MIME.
> Displaying assurance of organization of signer, keys and certificates
> management criteria in MUA and CRL delivery into MUA are crucial
> issues to enhance usage or deployment of actual use of S/MIME.
>
> I would think about drafting a document as follows:
> -----
> MUA and for qualified signatures:
> - certificate selection in MUA
> - for unified display (like green bar in browser) of showing
>   messages in MUA with valid/non-valid signatures
> - operational practice for digital signatures
>   (e.g. key length, validity, key store)
> Certificates for S/MIME:
> - operational practice for digital signatures
>   (e.g. key length, validity, key store, revocation control)
> - certificate policy or signing policy for signer (S/MIME)
>   e.g.) Bank, corporation, government and/or for qualified signature
> etc. (other items in my mind)
> -----
>
> Are they impossible to be tossed as a draft?
> If you have considered such points of operational issues,
> I would hope to share and get your reply.
> (or talk to me either, in Berlin)

Personally I consider S/MIME a useless standard; there are to my knowledge no
plans to make it better either.
The parameters you mention have no meaning except to crypto-nerds.
I would recommend banks and governments turn to web-based solutions
because they provide an interactive component which among many
things can pre-select the proper certificate.
Here is something I'm working with to make the web an alternative to S/MIME:
http://webpki.org/papers/PKI/pki-webcrypto.pdf
Anders
_______________________________________________
smime mailing list
smime(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/smime