Julien Pierre wrote:
Duane,

The idea is good, but as you point out, protocols such as LDAP already exist to do this.
What's missing is a global (worldwide) directory that's independent of a particular corporation or government. The key problem is that no one entity would have the resources to host such a server. Some distribution is necessary. Your protocol proposal is overly simplistic and does not address this issue, or the missing link of where the database of certs actually comes from ...

The idea is CAs already have databases, this method just provides a common interface to access the different systems with. Alternatively things could be done in a PGP Key Exchange fashion where people upload their own certificates just as you do with PGP.


These topics have been discussed extensively on IETF pkix and smime mailing lists, but no solution was found. You should look at the archives and look for my name in there. I definitely agree with you that the need exists for a global directory that can map email address to certs. This is a gaping hole in global PKI usage. But not an easy one to solve.

I think for the most part the PGP solution works, so maybe an extension to it, or something in parallel might work the best...


--
Best regards,
 Duane

http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net!
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
