ietf-smime

Re: [smime] A bit better operational practice?

2013-07-31 09:27:02
Hi Anders.


Thank you for your comments.

> Personally I consider S/MIME a useless standard, there are to my
> knowledge no plans to make it better either.

S/MIME is already used by some banks and corporations and is actually
useful for guaranteeing the integrity of their messages.
I would like to contribute to parties who are using or providing S/MIME.

> The parameters you mention have no meaning except to crypto-nerds.

Thank you for the precious opinion.
I also think that too detailed information on the parameters of cryptographic
primitives does not have any meaning.

However, a signature generated by a compromised key cannot guarantee
the integrity of the message.
I think that it is valuable to gather and organize minimum required
information about it.
What do you think about it?

> Here is something I'm working with to make the web an alternative to
> S/MIME:
> http://webpki.org/papers/PKI/pki-webcrypto.pdf

Thank you for the interesting information.

Best regards,
Kohei

(2013/07/30 15:27), Anders Rundgren wrote:
On 2013-07-30 08:10, Kohei Kasamatsu wrote:
Hi, SMIME list


There are many MUA implementations for S/MIME and some banks or
corporations are using digital signatures for their messages.
But in such cases, there are several points that would hopefully be taken
care of in the technical aspects of S/MIME.

Displaying assurance of organization of signer, keys and certificates
management criteria in MUA and CRL delivery into MUA are crucial
issues to enhance usage or deployment of actual use of S/MIME.

I would think about drafting a document as follows:
-----
  MUA and for qualified signatures:
   - certificate selection in MUA
   - for unified display (like green bar in browser) of showing
     messages in MUA with valid/non-valid signatures
   - operational practice for digital signatures
     (e.g. key length, validity, key store)

  Certificates for S/MIME:
   - operational practice for digital signatures
     (e.g. key length, validity, key store, revocation control)
   - certificate policy or signing policy for signer (S/MIME)
    e.g.) Bank, corporation, government and/or for qualified signature

  etc.(other items in my mind)
-----

Would it be impossible to submit them as a draft?

If you have considered such operational issues,
I would hope to share and get your reply.
(or talk to me either, in Berlin)

Personally I consider S/MIME a useless standard, there are to my knowledge no
plans to make it better either.

The parameters you mention have no meaning except to crypto-nerds.

I would recommend banks and governments turn to web-based solutions
because they provide an interactive component which among many
things can pre-select the proper certificate.

Here is something I'm working with to make the web an alternative to S/MIME:
http://webpki.org/papers/PKI/pki-webcrypto.pdf

Anders





_______________________________________________
smime mailing list
smime(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/smime




