Anish:
In Re requests for certificates-
>I spoke with Burt myself, and his reply was that it was left out of the RFCs
>because it was not a function required of CAs. The obvious next question is,
>"Why is it not a required function of CAs?" - to which one could respond:
>"Because it's not in the RFCs."
>
>Hmm...
>
>Actually, I think people believe that it's not unreasonable to have to ask
>for a certificate before you send things. I'm beginning to see their point,
>as we try to implement this thing, but I'm not totally convinced yet.

Actually, I was not thinking that a request for a certificate needed to
go to a CA; it could also go to the originator. My problem is that I
operate in an environment where people are not involved in the process
of sending and receiving the messages. There, if any information is
absent, we do not want to be in the position of dragging a person into
the exchange unless all other methods fail. In that case we find the
absence of pre-formatted requests limiting.
The message could be pretty simple-
SEND CA
or
SEND CA+CHAIN
with an optional "-ID-" PEM structure preceding it.
The server shown by Ali at bellcore.com is along the lines of what I was
suggesting, but I am troubled by the potential interference with regular
mail. Is there some way to ensure that "AUTOMATIC" mail was
distinguished from "REAL" mail? Especially in view of the potential
widespread deployment of these servers for a wide variety of purposes.
Tom Jones - ViaCrypt div. of Lemcom Sys