[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Anti-spam news article / S/MIME Gateways

To: <ietf-smime@xxxxxxx>
Subject: Re: Anti-spam news article / S/MIME Gateways
From: Ben Littauer <littauer@xxxxxxxx>
Date: Wed, 23 Jun 2004 09:34:06 -0400
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-id: <ietf-smime.imc.org>
List-unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Sender: owner-ietf-smime@xxxxxxxxxxxx
User-agent: Microsoft-Entourage/10.1.4.030702.0

There's scalability and there's scalability.

The problem with desktop to desktop PKI is both the directory problem (i.e.
key discovery and distribution) and the administration problem (issuance,
renewal, and revocation of certificates).  Domain-level PKI reduces the
scale of both problems by several orders of magnitude.  Solving the domain
level problems first will perhaps give some clue to the mechanisms required
for the desktop implementation, should it ever become required.

-ben-

> From: "Trevor Freeman" <trevorf@xxxxxxxxxxxxxxxxxxxxxx>
> Date: Tue, 22 Jun 2004 11:15:39 -0700
> To: "Craig McGregor" <Craig.McGregor@xxxxxxxxxxxxxxxx>, "Russ Housley"
> <housley@xxxxxxxxxxxx>, <ietf-smime@xxxxxxx>
> Subject: RE: Anti-spam news article / S/MIME Gateways
> 
> 
> Hi Craig,
> While I understand you comments about closed groups. The real problem
> with scaling beyond closed groups is, as you point out, trust
> mechanisms. What I fail to see is why we need a different signature
> format to deploy a more scalable trust mechanism.
> Trevor
> 
> * -----Original Message-----
> * From: owner-ietf-smime@xxxxxxxxxxxx
> [mailto:owner-ietf-smime@xxxxxxxxxxxx]
> * On Behalf Of Craig McGregor
> * Sent: Monday, June 21, 2004 8:12 PM
> * To: Russ Housley; ietf-smime@xxxxxxx
> * Subject: RE: Anti-spam news article / S/MIME Gateways
> * 
> * 
> * 
> * >Tumbleweed Chief Executive Jeff Smith says there's a lot of
> * misunderstanding about
> * >S/MIME, because it was created as a desktop encryption technology. He
> * argues it's
> * > also simple and cost-effective to use as a gateway authentication
> * technology, and
> * > that its quality advantages make it the best choice. Tumbleweed
> would
> * like to work
> * > with Yahoo to merge their technologies.
> * 
> * S/MIME gateway software in the context of a 'closed-community' is a
> * proven method of authenticating the sending domains of e-mail messages
> * and has been effective at blocking increased volumes of spoofed e-mail
> * messages (providing they were sent from a participating domain). And
> of
> * cause using S/MIME encryption protects one from in-transit
> eavesdropping
> * too!
> * 
> * Applying what is quite managable in a 'closed-community' for an
> * Internet-wide deployment would be somewhat more challenging though.
> * Particularly around certificate deployment, trust-chains and
> * auto-discovery (assume DNS for internet-wide; a 'closed-community'
> could
> * use LDAP). I think that is why domain keys proposes to trust DNS data
> as
> * being authorative without any further validation.
> * 
> * Craig.
> * 
> * 
> * 
> * 
> * 
> * 
> * 
> * 
> * 
> * 
> * 
> * 
>

References:
- RE: Anti-spam news article / S/MIME Gateways
  - From: Trevor Freeman

Prev by Date: RE: Anti-spam news article / S/MIME Gateways
Previous by thread: RE: Anti-spam news article / S/MIME Gateways
Next by thread: v2.4 S/MIME Freeware Library (SFL) Now Available
Index(es):
- Date
- Thread