[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Problem for public CAs

To: ietf-smime@xxxxxxx
Subject: Re: Problem for public CAs
From: Paul Hoffman / IMC <phoffman@xxxxxxx>
Date: Mon, 14 Feb 2000 16:01:05 -0800
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-id: <ietf-smime.imc.org>
List-unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Sender: owner-ietf-smime@xxxxxxx

At 04:10 PM 2/14/00 -0700, Bob Jueneman wrote:

Instead, in the case of a signed message the From address should be viewed
as secondary, and the certificate contents the primary information.

From a security standpoint, this is right. From a UI standpoint, it might not be. Assume I have a different email address in my cert than in the From: header of a message I send you, that your S/MIME client has informed you of that, and you agreed. Now you want to reply to my message. You probably don't want to reply to the email address in my cert, but you might. There are essentially two From vales: the certificate one and the insecure-and-possibly-altered one.

Of course, we have to face the fact that NEITHER the DN nor the RFC822 address
may be particularly relevant or informative.

Exactly right.

And, no, I'm not proposing a solution here.

--Paul Hoffman, Director
--Internet Mail Consortium

References:
- Re: Problem for public CAs
  - From: Bob Jueneman

Prev by Date: Re: Problem for public CAs
Next by Date: RE: Re: Problem for public CAs
Previous by thread: Re: Problem for public CAs
Next by thread: RE: Re: Problem for public CAs
Index(es):
- Date
- Thread