#######################################################################
#######################################################################
C E R T I F I C A T E C H A I N
A N D
D I S T I N G U I S H E D N A M E
A U T O M A T I C R E S P O N D E R
#######################################################################
#######################################################################
You can send a request for users' Distinguished Name(s) (DN) and/or
their certificate and all the certificates in their certificate chain.
The response is automatically sent back to you as indicated in the
'From' field of the mail you send. You can also obtain a copy of the
script needed to have the responder up and running for yourself. The
details on how to use the responder follows.
** You are free to use the responder to obtain my information.
** All it does is to mail you a respond and log your request.
** If you want to install the responder, however, do it at your own
risk. You must examine the script carefully before installing it.
This is because once you setup your .forward file, a copy of all
your mail will be piped to the responder. Ideally, you want to
make sure you know exactly what happens when the mailer invokes
the script on your message. I can tell you that all it does is
to check the Subject line for known requests and if matched will
generate appropriate response. However, verify this for yourself.
** Please send me comments and contributions to enhance/debug it at:
bahreman(_at_)bellcore(_dot_)com
To make a request to the responder:
===================================
You have to send an electronic mail (e-mail) to the person running the
responder. In my case, send e-mail to: ali(_at_)ctt(_dot_)bellcore(_dot_)com
The subject line specifies what you are requesting. See bellow for a
list of available requests. Your message text is ignored.
List of available requests:
===========================
o DISTINGUISHED-NAME-REQUEST
To obtain user's list of commonly used distinguished name(s)
o CERTIFICATE-REQUEST
To obtain all certificates in the user's certificate chain
o SOURCE-REQUEST
To obtain the source of the responder to install for yourself
Possible additions can be "USER-CERTIFICATE-REQUEST" to only obtain
the user's certificate and not all the certificates in the chain.
Also, if the user is willing to maintain up-to-date CRLs of all the
CAs in its certification path, an additional "CRL-REQUEST" request
could be easily added to the list of available requests.
Examples:
=========
In the following examples, the shell prompt is %. Type the commands
as they appear after the shell prompt.
1) To get a user's DN (in this case mine):
% Mail -s "DISTINGUISHED-NAME-REQUEST" ali(_at_)ctt(_dot_)bellcore(_dot_)com <
/dev/null
2) To get a user's Certificate Chain (in this case some bogus chain):
% Mail -s "CERTIFICATE-REQUEST" ali(_at_)ctt(_dot_)bellcore(_dot_)com <
/dev/null
3) To obtain source of responder from user (in this case me):
% Mail -s "SOURCE-REQUEST" ali(_at_)ctt(_dot_)bellcore(_dot_)com < /dev/null
Known Bugs:
===========
As we are still in the process of registering with TIS-PEM, the
certificates you will get are bogus and are not mine. They just serve
as illustrations on how this thing works.
_______________________________________________________________________
Alireza Bahreman E-Mail:
bahreman(_at_)bellcore(_dot_)com
Bellcore, Room RRC-1K221 Phone : +1 908 699 7398
444 Hoes Lane, Piscataway, NJ 08854 Fax : +1 908 336 2943