TOFU certainly seems to work in practice. But this does't address the
question that started this discussion, looking for a new correspondent's
certificate in a key store. If I look for bobsmith@example and it has a
cert for BobSmith@example, it's clearly the same person. But if it finds
Bob.Smith@example or Robert.Smith@example or R.W.Smith@example, who knows?
That's why you need help from the mail system that knows where the
I propose rewriting 5750 Sec 3 and deprecate the use of email
addresses in S/MIME certificates *entirely*. We'd add to Sec 3
instructions for MUAs to:
- Treat an email signature as a valid signature if the MUA has
associated that signature's public key  with the From: or Sender:
address. Call this the "valid if expected" rule.
- Require the MUA to associate a public key with an email address
the first time it receives a signed email, ideally with an explicit
user acknowledgement. The "record on first use" rule.
- Require MUAs to notify users of a security problem when an email
from any address arrives with a signature by any other public key than
the one expected. The "notify on broken expectations" rule.
John Levine, johnl(_at_)taugh(_dot_)com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.
ietf-smtp mailing list