Imagine you run a large mailbox provider (e.g. Gmail, Hotmail, Yahoo
mail, Fastmail, etc.) and you want to create managed keys and
certificates for every user. Most of your users exclusively use
webmail, so they don't have a traditional MUA. You also support local
part canonicalization using an algorithm (e.g. remove all periods and
downcase).

So far so good.

Now you want to enable people to discover the right certificate when
sending mail to your users and validate certificates when receiving
mail from your users. What do you do?

For the former, you implement draft-bhjl-x509-srv, of course.

For the latter, you get your act together so the address in the
certificate matches the address your web MUA puts on the From: line.
This is not rocket science.

Regards,
John Levine, johnl(_at_)taugh(_dot_)com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.
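
The receiving-side check discussed in the message above, as an added example that is not part of the original e-mail or of draft-bhjl-x509-srv. It assumes the certificate's e-mail addresses have already been extracted from a validated certificate; the function names, the `mail.example` domain and the sample addresses are constructed for illustration, and canonicalizing the From: address is only one way a provider could make the two match.

```python
from email import message_from_string
from email.utils import getaddresses

def split_addr(addr):
    """Split on the last '@'; only the domain is case-insensitive."""
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not an addr-spec: %r" % addr)
    return local, domain.lower()

def canonicalize(addr):
    """Provider-side rule from the message: remove periods and downcase.
    Only the provider knows this rule; a receiver must not guess it."""
    local, domain = split_addr(addr)
    return local.replace(".", "").lower() + "@" + domain

def from_matches_cert(raw_message, cert_addrs):
    """Receiver-side check: exactly one From: mailbox, and it must equal a
    certificate address (local part compared byte for byte)."""
    msg = message_from_string(raw_message)
    senders = getaddresses(msg.get_all("From", []))
    if len(senders) != 1:
        return False
    try:
        sender = split_addr(senders[0][1])
    except ValueError:
        return False
    for addr in cert_addrs:
        try:
            if split_addr(addr) == sender:
                return True
        except ValueError:
            continue  # skip malformed certificate entries
    return False

# Constructed sample data: the managed certificate carries the canonical form.
CERT_ADDRS = ["janedoe@mail.example"]

def build_message(from_addr):
    return "From: Jane Doe <%s>\nSubject: test\n\nhello\n" % from_addr

if __name__ == "__main__":
    typed = "Jane.Doe@mail.example"  # what the user typed into webmail
    print(from_matches_cert(build_message(typed), CERT_ADDRS))
    print(from_matches_cert(build_message(canonicalize(typed)), CERT_ADDRS))
```
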