I'm currently drawing up a proposal for an independent submission for an Internet Draft and I'm after feedback on this.

My idea is pretty simple: if all you have is an email address of the person you want to email, and they have a public certificate listed in the system, client software should automatically be able to retrieve the certificate and encrypt email to the person without any intervention from the user. This would be particularly useful for web mail services and 802.1x key handling, as all you need is the email address, not a bunch of certificates.

The current level and ease of use of cryptography is pretty poor, and perhaps that's understating it somewhat. To address this, I started thinking about a whois type service to distribute certificates, and it ended up somewhere a cross between a finger service and a PGP Key Exchange. Basically you connect to a TCP port on a CA service that interacts with a database, you supply an email address or a host name, and the system replies with the current valid certificate, which can then be used to encrypt data.

For the full draft + example daemon code to achieve this go to:

http://www.cacert.org/index.php?id=26&prob=8

--
Best regards,
 Duane

http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net!
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
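
The lookup exchange described in the message above, as an added sketch that is not the draft's protocol or the CAcert example daemon. The wire format (one query line, then an `OK` or `ERR` status line), the directory contents and all function names are assumptions, and the PEM bodies are constructed placeholders.

```python
import socket
import threading
from datetime import datetime, timezone

def _utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

def _pem(tag):  # constructed placeholder, not a real certificate
    return f"-----BEGIN CERTIFICATE-----\n{tag}\n-----END CERTIFICATE-----\n"

# Constructed directory: key -> [(not_before, not_after, revoked, pem)]
DIRECTORY = {
    "alice@example.org": [
        (_utc(2003, 1, 1), _utc(2004, 1, 1), False, _pem("alice-expired")),
        (_utc(2004, 1, 1), _utc(2005, 1, 1), True, _pem("alice-revoked")),
        (_utc(2004, 2, 1), _utc(2005, 2, 1), False, _pem("alice-current")),
    ],
}

def current_certificate(key, now):
    """Newest unrevoked certificate valid at `now`, or None."""
    live = [c for c in DIRECTORY.get(key, ())
            if c[0] <= now < c[1] and not c[2]]
    return max(live, key=lambda c: c[0])[3] if live else None

def serve_one(conn, now):
    """Answer one query line, rejecting malformed keys before the lookup."""
    with conn, conn.makefile("rb") as f:
        line = f.readline(256)  # bounded read: no unbounded query strings
        key = line.decode("ascii", "replace").strip().lower()
        if not line.endswith(b"\n") or not key or not key.isprintable() or " " in key:
            reply = "ERR bad-query\n"
        else:
            pem = current_certificate(key, now)
            reply = "OK\n" + pem if pem else "ERR not-found\n"
        conn.sendall(reply.encode("ascii"))

def lookup(key, now):
    """Client side, run over a socketpair so the example works offline."""
    client, server = socket.socketpair()
    t = threading.Thread(target=serve_one, args=(server, now))
    t.start()
    with client:
        client.sendall(key.encode("ascii") + b"\r\n")
        data = b"".join(iter(lambda: client.recv(4096), b""))
    t.join()
    status, _, body = data.decode("ascii").partition("\n")
    # Unauthenticated channel: verify chain and subject before trusting body.
    return body if status == "OK" else None
```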