
Re: >>> Blake Ramsdell <BlakeR@deming.com> 11/07/96 06:44pm >>>



Robert Jueneman wrote:
> 
>> Blake Ramsdell <BlakeR@deming.com> 11/07/96 06:44pm >>>
>> Two cents from the S/MIME camp here -- symmetric capabilities are
>> relayed on a message by message basis, not in the certificate (there is
>> a SET OF authenticatedAttributes that are signed by the sender, and one
>> of these is symmetricCapabilities).  The determination of the algorithm
>> is based on the last-transmitted algorithm capabilities (which reflects
>> preference order as well as capabilities.)
> 
> I haven't tracked S/MIME recently. What happens if you haven't
> communicated with someone yet? Are the current S/MIME
> implementations dependent on a previous message to get
> the destination user's certificate?
> 
> Can you assess the willingness of the S/MIME vendors to
> make use of a symmetricCapabilities in the certificate?

  The way that S/MIME users will typically exchange certificates
is via a signed message, which will include the symmetric
capabilities and their cert.

  The reason that the symmetric capabilities was not included
with the cert is that it is really a user preference, not under
CA control.  It is also likely to change (at the whim of the
user), and the user should not be required to get a new cert
in this case.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.
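
Added example, not part of the original thread or of any S/MIME product's code: a sender-side cache that keeps the most recently signed capabilities list per correspondent and picks the content-encryption algorithm from it, including the first-contact case raised above. The class and function names, the algorithm labels, the use of signing time to decide which list is "last", and the caller-supplied fallback are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class CapabilityCache:
    """Latest signed symmetric-capabilities list seen from each correspondent."""
    latest: dict = field(default_factory=dict)  # address -> (signing_time, [algs])

    def record(self, sender, signing_time, capabilities, signature_valid):
        """Store a list taken from a message's signed attributes."""
        # The list is only trustworthy because the sender signed it.
        if not signature_valid or not capabilities:
            return False
        seen = self.latest.get(sender)
        # Assumption: "last transmitted" is judged by signing time, so a
        # delayed older message cannot roll the preferences back.
        if seen is not None and seen[0] >= signing_time:
            return False
        self.latest[sender] = (signing_time, list(capabilities))
        return True

    def choose(self, recipient, local_supported, fallback):
        """Return (algorithm, reason) for encrypting to recipient."""
        entry = self.latest.get(recipient)
        if entry is None:
            return fallback, "no signed message seen yet"
        for alg in entry[1]:  # recipient's preference order wins
            if alg in local_supported:
                return alg, "recipient preference"
        return fallback, "no common algorithm"


def demo():
    # Constructed sample data; algorithm labels are illustrative, not OIDs.
    cache = CapabilityCache()
    ours = {"3des-cbc", "rc2-cbc-40"}
    first = cache.choose("bob@example.com", ours, "rc2-cbc-40")
    cache.record("bob@example.com", datetime(1996, 11, 7, tzinfo=timezone.utc),
                 ["rc2-cbc-128", "3des-cbc", "rc2-cbc-40"], signature_valid=True)
    later = cache.choose("bob@example.com", ours, "rc2-cbc-40")
    return first, later


if __name__ == "__main__":
    print(demo())
```

Because the list travels as a signed attribute rather than in the certificate, a later signed message replaces the cached preferences without any certificate reissue.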