[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: PKI and S/MIME
On Wed, 13 Aug 2003 15:05:49 -0700 Blake Ramsdell
> A better question for the DNS distribution of certificates is whether or
> not this smells like it would be the most likely thing to get deployed.
> My understanding is that you would need DNS servers that supported the
> particular record types required for this functionality, as well as
> administrative tools to upgrade those records that are different than
> typical DNS administration tools. To me, that doesn't smell as good.
Actually, I think that there are two barriers:
1. Deployment of DNS-SEC. People have to go out of their way to do it
right now. It takes some work both to deploy the right software and to
get the relationship set up with the domain registration service. Not
all services offer it.
2. Client support. Basically this means that Outlook, Outlook Express,
Netscape (and down the list) of clients have to support it. It means a
CSP for the Windows twins and a module in the new Netscape/Mozilla
Of the two, the second is the hardest. Policy, usage and deployment of
S/MIME and PKI is very much shaped by the implementation of the clients.
Any changes have to propogate through the clients to be useful.
Chief Technical Officer - Electronic Billing and Payment Systems
Phone: 780 424 4922