In the absence of ubiquitous directories and/or extension of user
records (maintaining user certificates) to the DNS environment,
the burden of obtaining certificates through out-of-band mechanisms is
placed on both parties in an exchange. For example, the sender of a
message must first send a request to the recipient asking for her/his
certificate. The recipient must then respond to this request before
the sender can send the message. Due to the fact that both parties
may not be attending their mail simultaneously, this will introduce
some delay to the exchange.

To avoid this delay, the response can be automated so as not to
require the human responder's attendance. The delay is reduced to the
normal delay of sending and receiving an e-mail response, which
cannot be avoided if e-mail is used as the means of access to the
automated responder.

It seems reasonable to ask the users to publicize their information if
they want to enable others to send them PEM messages. The cost to the
user is a one-time setup of the information to be publicized. If that
information changes, it is up to the user to update their respective
publicized information. The idea is similar to the ".plan" file in
the "finger" command. The difference is that no program/port
interface is used, just e-mail messaging.

With the help of my colleague, Don Major, I have now set up a responder
for myself. You can send a request for my Distinguished Name (DN)
and/or my certificate and all the certificates in my certificate chain.
The response is automatically sent back to you as indicated in the
'From' field of the mail you send. You can also obtain a copy of the
script needed to have the responder up and running for yourself.

The details on how to use the responder will be sent out as a separate
e-mail to this group.
_______________________________________________________________________
Alireza Bahreman E-Mail: bahreman(_at_)bellcore(_dot_)com
Bellcore, Room RRC-1K221 Phone : +1 908 699 7398
444 Hoes Lane, Piscataway, NJ 08854 Fax : +1 908 336 2943
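
A sketch of the kind of automated responder the message above describes, added here as an example; it is not the script mentioned in the message. The request keywords (`send-dn`, `send-cert`), the placeholder data and the function name are assumptions, and the checks on automatic mail are added so the responder never answers bounces or other robots.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed placeholder data the user publishes once (not real PEM material).
PUBLISHED = {
    "dn": "C=US, O=Example Org, CN=Example User",
    "certificate": "<user certificate placeholder>",
    "chain": "<issuer certificate placeholders>",
}
# Hypothetical request keywords, matched in the Subject line.
KEYWORDS = {"send-dn": ["dn"], "send-cert": ["certificate", "chain"]}

def build_reply(raw_request, own_address):
    """Return the automatic reply for a request, or None if none should be sent."""
    req = message_from_string(raw_request)
    _, sender = parseaddr(req.get("From", ""))
    # Never answer ourselves, bounces or other automatic mail: avoids mail loops.
    if not sender or sender.lower() == own_address.lower():
        return None
    if sender.lower().startswith("mailer-daemon@"):
        return None
    if req.get("Auto-Submitted", "no").lower() != "no":
        return None
    if req.get("Precedence", "").lower() in ("bulk", "junk", "list"):
        return None
    wanted = []
    for word in req.get("Subject", "").lower().split():
        for item in KEYWORDS.get(word, []):
            if item not in wanted:
                wanted.append(item)
    if not wanted:
        return None  # unknown request: stay silent rather than echo input back
    reply = EmailMessage()
    reply["From"] = own_address
    reply["To"] = sender  # the address from the 'From' field of the request
    reply["Subject"] = "Re: certificate request"
    reply["Auto-Submitted"] = "auto-replied"  # marks the reply as automatic
    if req.get("Message-ID"):
        reply["In-Reply-To"] = req["Message-ID"]
    reply.set_content("\n\n".join(f"{k}:\n{PUBLISHED[k]}" for k in wanted))
    return reply
```

The returned message would be handed to the local mail system for delivery; the recipient still has to validate the certificate chain, since the reply itself arrives over unauthenticated e-mail.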