Ben Bucksch wrote:
> 
> Nelson B. Bolyard wrote:
> 
> > Remember that for encrypted messages, you need the cert of each person who
> > is an intended recipient.
> 
> But the collection happens without UI (OK, there might be a pref). If
> there is some kind of import allowed, that's PSM's job. Same for
> management (deletion, display) of them.

I don't understand that last paragraph above at all.  Not at all.
Collection?  Import?  of what?

Ben, this thread began with someone wanting to be able to view PKCS7 
encrypted messages with the browser, not the S/MIME email viewer.
I think they were asking for the ability to view such pages via http.

There are many issues with that idea that were not addressed in that 
suggestion.  I'm not sure the person who made the request had considered 
all the implications of the idea.

For starters, the encryption keys for PKCS#7 messages are only available to 
specific people whose certificates must be given at the time the encrypted
message is created.  Only those people will be able to decrypt the messages. 
So, some of the issues are:

a) if you attempt to view a page containing a PKCS#7 encrypted message,
and you're not one of the people for whom the message was encrypted
(that is, you don't possess the private key corresponding to any of the
public key certs used to prepare the message), then what do you see?

b) how do you prepare such a page?  Does composer get beefed up to include
all the stuff necessary for selection of the recipient's certs?

These are (some of) the UI issues of which Bob Relyea wrote.  I don't
think the original request considered any of those issues.

Many of these issues are easily resolved in the context of email.
At composition time, the recipient's certs are selected via their email
addresses.  And since the pages are sent to the recipients, non-recipients
do not, in general, need to deal with pages they cannot decrypt.

So, the point of my initial one-line reply was that the mechanism to 
view encrypted PKCS#7 "pages" is (er, should be) S/MIME, not the browser.

If someone comes forth with a complete, well thought out, proposal for 
viewing encrypted PKCS#7 web pages, including how such pages would be 
created, and what happens when the page cannot be decrypted, not solving 
the important issues with hand waving (e.g. "PSM should just do it"), 
then it should be considered.  

--
Nelson Bolyard                          http://nelson.bolyard.com/ 
Speaking only for myself.
