We could build one big honkin' directory... :)
Personally I think there's more than enough ways discover and transfer
certs.
The gap, in my mind, is the introduction problem--if you and I have never
corresponded securely before, how do I know that the cert I have is yours?
-- T
On 1/23/15, 11:28 AM, "Russ Housley" <housley(_at_)vigilsec(_dot_)com> wrote:
The IETF Enroll WG was chartered to solve this problem, but it folded
before doing so.
http://datatracker.ietf.org/wg/enroll/charter/
We could get the ietf-enroll mail list reactivated if there is
interest.
I think I have to clarify:
My suggestion was not about cert enrollment. I also don't want to
invent a new
mechanism. I just thought of a very *simple* S/MIME cert publication
tool in
form of a mass subscriber mailing list. *Existing* standard MUAs could
immediately leverage importing S/MIME certs from signed messages sent
to the list.
Even though the ietf-enroll charter sounds interesting it does not seem
appropriate to reactivate the mailing list for the purpose I described.
We need to make it easier to get certificates, and then we need to make
it easier for others to find those certificates. I'm willing to work on
both of these.
Russ
_______________________________________________
smime mailing list
smime(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/smime