The following is related to the S/MIME discussions. One of the many [unsolvable] problems with S/MIME is the establishment of a globally working user-level PKI infrastructure.

Although not perfect, I think it is fair to say that a globally working domain-name-level PKI infrastructure actually already exists. If we (security experts) want to create anything that could match closed networks such as Skype, having 100M+ users enjoying full end-to-end security, I think we need to be a bit pragmatic and not hope that users will be extremely interested in certificates, or that the UN will provide us with a universal root certificate.

The following proposal breaks RFC 3280 validation rules, which is bad, but the idea is to only use this scheme in a special-purpose messaging protocol, not "infecting" NSS in any way. Here it goes (please don't throw up, this is completely serious)...

Each domain (host) has a "pseudo-CA" using a commercial-grade SSL certificate as a CA certificate. Certificates created by such a CA should have a specific DN format (in order to be valid), where the host name of course must be a core component (you can only certify things in your own domain).

Based on such a trust infrastructure, an on-line-based secure messaging system should be able to achieve Skype-level scalability while still being fully distributed. I haven't really gotten down to the nitty-gritty with the messaging itself, because a system like this obviously requires a bunch of other hot-shots as well :-)

Enrolment issues? Skype does this without the user having to know what a certificate is.

Applications include all kinds of interactive communication, with mobile phones as a really interesting target unless it gets outlawed.

Anders Rundgren
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
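The core validation rule of the proposal above is the domain-scoping check: a pseudo-CA whose "CA certificate" is really a commercial SSL certificate for some host may only certify subjects inside that host's domain, and the host name must appear as a core component of the issued DN. The following is an added example written for this page, not code from the original post or from Anders Rundgren. It assumes a DN layout of its own choosing (an emailAddress attribute plus DC components spelling out the host), and it takes the pseudo-CA's dNSName SANs as a plain list of strings rather than parsing a real X.509 certificate. Chain building and signature verification against the commercial roots are outside its scope; this is only the scope rule that the sketch adds on top of them, and it is exactly the part that stock RFC 3280 path validation would never perform for an end-entity certificate.

```python
"""Domain-scoped "pseudo-CA" issuance check for the scheme sketched above.

Illustrative code written for this page, not part of the original post.
Assumptions: the issued DN carries exactly one emailAddress and spells the
host as DC components (most specific first, as in RFC 4514 string form);
the issuer's dNSName SANs are supplied as strings instead of being read
from a real certificate.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Minimal RFC 4514 parser: handles backslash escapes, not '+' multi-valued
# RDNs or '#hex' values (an assumption to keep the example short).
_RDN_RE = re.compile(r'\s*([A-Za-z][A-Za-z0-9.-]*)\s*=\s*((?:\\.|[^,\\])*?)\s*(?:,|$)')


def parse_dn(dn: str) -> list[tuple[str, str]]:
    """Split 'emailAddress=a@b.c, DC=b, DC=c' into [(type, value), ...]."""
    out, pos = [], 0
    while pos < len(dn):
        m = _RDN_RE.match(dn, pos)
        if not m:
            raise ValueError(f"malformed DN at offset {pos}: {dn!r}")
        out.append((m.group(1).lower(), re.sub(r'\\(.)', r'\1', m.group(2))))
        pos = m.end()
    return out


def dns_labels(host: str) -> list[str]:
    """Normalise a DNS name to lower-case labels so comparison is exact per label."""
    labels = host.rstrip('.').lower().split('.')
    if any(not label for label in labels):
        raise ValueError(f"bad host name {host!r}")
    return labels


def san_covers(san_dns_names: list[str], host: str) -> bool:
    """Does one of the pseudo-CA's dNSName SANs cover host?

    Exact label match, or a single-label wildcard in the leftmost position
    (RFC 6125 style). Comparing whole labels, not substrings, stops
    'example.com.evil.net' from passing as 'example.com'.
    """
    h = dns_labels(host)
    for name in san_dns_names:
        n = dns_labels(name)
        if n == h:
            return True
        if n[0] == '*' and len(n) == len(h) and len(h) >= 3 and n[1:] == h[1:]:
            return True
    return False


@dataclass
class Verdict:
    ok: bool
    reason: str


def check_pseudo_ca_issuance(issuer_san_dns: list[str], subject_dn: str) -> Verdict:
    """Apply the scope rule: the DN must name the issuer's own host, and the
    certified mailbox must live in exactly that host's domain."""
    rdns = parse_dn(subject_dn)
    dcs = [v for t, v in rdns if t == 'dc']
    if not dcs:
        return Verdict(False, "DN has no DC components, so there is no host to scope it to")
    host = '.'.join(dcs)  # DC=example, DC=com  ->  example.com
    if not san_covers(issuer_san_dns, host):
        return Verdict(False, f"issuer's SSL certificate does not cover {host}")
    emails = [v for t, v in rdns if t in ('emailaddress', 'mail')]
    if len(emails) != 1:
        return Verdict(False, "expected exactly one emailAddress in the DN")
    local, sep, domain = emails[0].rpartition('@')
    if not sep or not local or not domain:
        return Verdict(False, "emailAddress is not of the form local@domain")
    if dns_labels(domain) != dns_labels(host):
        return Verdict(False, f"{emails[0]} lies outside {host}")
    return Verdict(True, f"{emails[0]} certified by the pseudo-CA for {host}")


if __name__ == "__main__":
    # Constructed sample inputs, not real certificates.
    good_ca = ["example.com", "www.example.com"]
    rogue_ca = ["evil.net"]
    alice = "emailAddress=alice@example.com, DC=example, DC=com"
    print(check_pseudo_ca_issuance(good_ca, alice))
    print(check_pseudo_ca_issuance(rogue_ca, alice))
    print(check_pseudo_ca_issuance(rogue_ca, "emailAddress=alice@example.com, DC=evil, DC=net"))
```

The two failing cases in the demo are the ones that matter: a host that is not the issuer's own (the rogue pseudo-CA cannot mint an example.com identity), and a DN whose host component is the issuer's but whose mailbox points elsewhere. Wildcard SSL certificates are accepted only for the single label they actually cover, so a `*.example.com` certificate can act as pseudo-CA for `mail.example.com` but not for `example.com` itself.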