ietf

Re: PGP security models, was Summary of IETF LC for draft-ietf-dane-openpgpkey

2015-09-23 15:37:32
On Wed, 23 Sep 2015, Phillip Hallam-Baker wrote:

I have no problem with the draft going forward, provided that there is a
statement that I and other people making proposals can point to stating that
this is not going to block other approaches.

You mean a statement in the document? At the IETF?

The document makes no statement about any other mechanisms for encryption
or crypto key distribution.  I think that's the best we can do. If
people make weird statements about SMIME roots based on this document,
it should be pointed out those people are wrong.

For example, if you have an organization that is hierarchical such as the US
federal government, the simplest way to deploy end-to-end email in the
organization would be to deploy a PKIX CA to issue S/MIME certificates, store
the certificates in a Web server [*] and stick the address of the web server
and the fingerprint of the intermediate KSK in a DNS record.

I strongly recommend those organisations use draft-ietf-dane-smime and
publish SMIMEA records instead of OPENPGPKEY records.

Paul
