> How are cert renewals handled? Will you send an e-mail about certs soon
> to be expired to encourage the user to send in a newer cert?

Not yet, but it wouldn't be a lot of work to set up a daily cron job that walks through the list of stored certs.


> Also note that one of the issues is that the From address is not
> trusted. So you have to extract e-mail addresses from the cert.

I completely ignore the From: address.
Only the signed message is processed.
E-Mail addresses are taken from the signature certificate, only.


> Will your LDAP server be freely accessible? I'd like to add it to my
> demo server list for web2ldap:

Right now there is no LDAP server. It's all flat files.


> Also a link like
> <a href="mailto:smime-keyser...@kuix.de?BODY=allow-smime-keyserver-inclusion">smime-keyser...@kuix.de</a>

Thanks for the proposal! Added.


> Another short note: The problem with solely distributing the S/MIME
> certs is that a MUA does not have the S/MIME capabilities of the cert
> owner's MUA. So the sender MUA might choose a weak symmetric cipher.
> ...
> So the safest way is still to send a signed e-mail for cert exchange. :-/

This seems to be solved with my implementation, because my keyserver can forward the original signed message.

Regards
Kai
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
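
The daily job mentioned in the reply above, sketched as an added example that is not part of the original message or of the keyserver's own code. It assumes one PEM certificate per `.pem` file in a flat directory; the function name, the layout and the 30-day window are hypothetical. Notification addresses come from the certificate itself, never from a From: header.

```shell
#!/bin/sh
# Added example: report stored certificates that expire soon.
# Assumed (hypothetical) layout: one PEM certificate per *.pem file in DIR.

# expiring_certs DIR DAYS
# Prints "file<TAB>notAfter<TAB>address" for each e-mail address found in
# every certificate in DIR that expires within DAYS days (expired ones too).
expiring_certs() {
    dir=$1
    secs=$(( $2 * 86400 ))
    for cert in "$dir"/*.pem; do
        [ -f "$cert" ] || continue        # glob matched nothing
        # Skip files that do not parse as an X.509 certificate.
        openssl x509 -in "$cert" -noout >/dev/null 2>&1 || continue
        # -checkend exits 0 when the cert is still valid $secs from now.
        if openssl x509 -in "$cert" -noout -checkend "$secs" >/dev/null 2>&1; then
            continue
        fi
        not_after=$(openssl x509 -in "$cert" -noout -enddate | cut -d= -f2)
        # -email prints the subject emailAddress and SAN rfc822Name values.
        openssl x509 -in "$cert" -noout -email | while read -r addr; do
            printf '%s\t%s\t%s\n' "$(basename "$cert")" "$not_after" "$addr"
        done
    done
}

# Stand-alone use from cron: script.sh /path/to/certs 30
if [ "$#" -eq 2 ]; then
    expiring_certs "$1" "$2"
fi
```

Each output line can feed a reminder mail to the listed address; a certificate with several addresses yields one line per address.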
