ietf-smime

Re: [smime] S/MIME publishing mailing list

2015-01-23 07:16:21
On Fri, Jan 23, 2015 at 7:21 AM, Tony Rutkowski <tony(_at_)yaanatech(_dot_)com> 
wrote:

Great idea. Better yet, produce an RFC
for S/MIME cert exchanges based on the
idea.


On 2015-01-23 4:59 AM, Michael Ströder wrote:

Hi!

Still getting S/MIME certs of other mail users is an unsolved problem.

Would it make sense if the IETF would simply host a non-WG mailing list for
simply publishing S/MIME certs via e-mail?

So if mailing list members get a new S/MIME cert they send a signed e-mail
with almost empty content to the mailing list and all subscribers get the
certs and S/MIME capabilities.

Ciao, Michael.

I am working on code for something very similar.

Right now we have two IETF projects, TRANS and ACME, that might have a lot
of bearing on filling in the gaps in S/MIME.


ACME is not yet a WG; the initial proposal is limited to TLS certs, but if
the protocol is properly designed it could fix the problem as follows:

* Some JSON-based web service allows an email client to register certs and
encrypted private keys with a service. This might be a locally run service
or a TTP service (aka CA).

* The service registers the certs in a TRANS log just for certs.

* We use a globally unique key identifier formed from the hash of the
KeyInfo block as a locator / PGP-type fingerprint.

* Location services search any public TRANS log.


I almost have code complete. See prismproof.org for details, specs, code,
etc.
_______________________________________________
smime mailing list
smime(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/smime
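
Added example, not part of the original message and not code from prismproof.org: one way to derive a key-based locator of the kind the third bullet describes, so that a log search keys on the public key rather than on any one certificate. It assumes "KeyInfo block" means the X.509 SubjectPublicKeyInfo and that the identifier is the first 160 bits of its SHA-256 hash in base32; the message specifies neither, and every function name here is hypothetical.

```python
import base64
import hashlib

def read_tlv(buf, pos, limit):
    """Parse one DER TLV at pos; return (tag, value_start, value_end)."""
    if pos + 2 > limit:
        raise ValueError("truncated TLV header")
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F  # long form: next n bytes hold the length
        if n == 0 or n > 4 or pos + n > limit:
            raise ValueError("bad length encoding")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > limit:
        raise ValueError("TLV overruns its container")
    return tag, pos, pos + length

def spki_bytes(cert):
    """Return the raw SubjectPublicKeyInfo TLV (6th TBS field after the optional version)."""
    tag, start, end = read_tlv(cert, 0, len(cert))
    tbs_tag, pos, tbs_end = read_tlv(cert, start, end)
    if tag != 0x30 or tbs_tag != 0x30:
        raise ValueError("not a certificate-shaped SEQUENCE")
    fields = []
    while pos < tbs_end:
        ftag, _, fend = read_tlv(cert, pos, tbs_end)
        fields.append((ftag, pos, fend))
        pos = fend
    if fields and fields[0][0] == 0xA0:  # optional [0] version
        fields.pop(0)
    if len(fields) < 6 or fields[5][0] != 0x30:
        raise ValueError("SubjectPublicKeyInfo not found")
    return cert[fields[5][1]:fields[5][2]]

def key_id(cert):
    """Assumed format: SHA-256 of SPKI, first 160 bits, base32 in groups of 4."""
    text = base64.b32encode(hashlib.sha256(spki_bytes(cert)).digest()[:20]).decode()
    return "-".join(text[i:i + 4] for i in range(0, len(text), 4))

def tlv(tag, body):  # sample-only encoder, short-form lengths
    return bytes([tag, len(body)]) + body
ALG = tlv(0x30, bytes.fromhex("06032b6570"))  # id-Ed25519 AlgorithmIdentifier

def sample_cert(serial, key):  # constructed, unsigned skeleton; not a real cert
    spki = tlv(0x30, ALG + tlv(0x03, b"\x00" + key))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, bytes([serial]))
              + ALG + tlv(0x30, b"") * 3 + spki)
    return tlv(0x30, tbs + ALG + tlv(0x03, b"\x00"))
```

Two constructed certificates that differ only in serial number, such as `sample_cert(1, key)` and `sample_cert(2, key)`, yield the same `key_id`, so a renewed certificate for the same key resolves to the same locator.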