ok I agree that a central cert server will be a paradise for spam-crawlers - on the other hand - I will publish there a "accept only signed mail" address - so my spam-filter will block everything unsigned to this adress...
Does there be a need to maintain a list of CA certificates with contact informations like for DNS? Every browser comes with a list of commercial CAs so what about a webpage and directory which contain the following data..
I dont know the exact structure of the x509 syntax, but I think it can be useful to implement a Web-URL/LDAP Pointer into every cert which describes where to fetch information about the issuing CA in a standarized manner - so the receiving client (Outlook, Netscape Mail) will not only ring the alarm bells but refers to a certain kind of information about the CA - this will help even novice users to understand what is happening there.
On the other Hand it would be a great effort to get a kind of "public domain" base certificate delivered with the browsers - the cert should be controlled by a community and certify other CAs for less than that amount of money the commercial sellers want for a CA-Cert....
But this is just a political thing....
Oliver
-- Diese Nachricht wurde digital unterschrieben oliwel's public key: http://www.oliwel.de/oliwel.crt Basiszertifikat: http://www.ldv.ei.tum.de/page72
smime.p7s
Description: S/MIME Cryptographic Signature
