Slight correction

On 2 Jun 2017, at 22:36, Salz, Rich <[email protected]> wrote:

>> In addition, Alexey is interested in helping with an ACME challenge for
>> email certificates. Is anyone else interested in helping to draft drafting?
>
> Alex posted a draft just before the meeting. Consensus was to split the
> SMTP-server related part and the user S/MIME related part and work on them
> separately.

The first part is any MTA certificate. It obviously applies to SMTP servers but also IMAP servers (where they are not co-located with SMTP), and I suppose also POP3 although the draft doesn’t mention that.

The reasoning is that MTAs typically have certificates now (although many use self-issued) and they have DNS records, so automating the certificate issuance is clear and straight-forward.

Mail users don’t have any central registry ([1]) and in practice most users don’t have certificates so it’s not clear we can solve this even if we try. Better to separate the high-risk from the low-risk.

Yoav

[1] Claims by all those emails I’m getting telling me that I won Google’s email address lottery notwithstanding.

_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
