Stroeder.COM TF-LSD Meeting 2001-10-29

Slide 1: S/MIME Certificate Collector
- Motivation
- Proposed Solution
- Discussion
Slide 2: Situation Today
- LDAP directories are accepted as the PKIX repository, but...
- no globally working directory infrastructure
  - LDAP is hidden behind organizational boundaries
- different ways of storing certificates in the directory
  - e-mail certificates are usually distributed via S/MIME (in-band) or HTTP (out-of-band)
  - no easy-to-use standard way for search and retrieval
Slide 3: Situation Today (figure only)
Slide 4: S/MIME Cert Collector (figure only)
Slide 5: Dealing With Local Directories
Accept the existence of organizational directories as they are:
- Local naming conventions
  - naming transformation from certificate subject DN to LDAP DN
  - plug-ins
- Access control (administration and firewalls)
  - use a widely accepted transport protocol that crosses organizational boundaries
  - SMTP
- Storage schemes (often depending on PKI products)
  - plug-ins
Slide 6: Why S/MIME e-mails?
- SMTP is a widely deployed protocol and crosses organizational boundaries such as firewalls easily
- S/MIME is implemented in commonly deployed MUAs
- signed S/MIME e-mails contain the sender's certificate (if configured)
- the sender "publishes" his/her certificate by sending a signed e-mail to a certain e-mail address
</gl_replace>
<gr_replace lines="16-17" cat="clarify" orig="7">
Slide 7: Privacy
- adding his/her certificate has to be the intention of the user
- the user himself/herself publishes by sending an e-mail to a certain address
- the signature has to be validated; possibly also the From: header within the signed body
- privacy requirements have to be met by the organizational directory
7
Stroeder.COM TF-LSD Meeting 2001-10-29 - 7 - Privacy Adding his/her certificate has to be intention of user User himself/herself publishes by sending e-mail to a certain address Signature has to be validated, maybe From: header in the signed body Privacy requirements have to be met by organizational directory
Slide 8: Access Control
- possibly the data is reviewed by the local directory administrator before being added
- the signature has to be validated against a trusted root certificate
- access control within the organizational directory is subject to the directory's configuration
Slide 9: Directory Access
- directly write to the LDAP directory
  - add new entries if necessary
  - modify existing entries (e.g. search by e-mail address)
- write data for review and bulk upload (LDIF, DSML)
- write a replication log
- How is data removed?
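The following is an added example, not code from the talk or from Stroeder.COM, that sketches the collector pipeline described on the preceding slides: the privacy rule from slide 7 (the From: address must belong to the certificate owner), the trusted-root validation from slide 8, the subject-DN-to-LDAP-DN naming transformation from slide 5, and the "add or modify, write LDIF for review" directory access from slide 9. It uses only the Python standard library. The S/MIME message, the verified signer data, the in-memory directory lookup and the `trusted_verifier` stand-in are all constructed fixtures (a real collector would call a CMS/PKCS#7 library for the signature check), and the `mail=` / `ou=` naming rule in `subject_dn_to_ldap_dn` is one assumed local convention, i.e. the kind of plug-in the slides call for.

```python
import base64
from email import message_from_string
from email.utils import parseaddr

# Constructed fixture: a multipart/signed S/MIME message as a MUA would send it to
# the collector address. The signature part is a placeholder, not real PKCS#7 data.
SIGNATURE_BLOB = b"constructed-pkcs7-signature-placeholder"
SAMPLE_MESSAGE = (
    "From: Alice Example <alice@example.org>\nTo: cert-collector@example.org\n"
    "Subject: publish my certificate\nMIME-Version: 1.0\n"
    'Content-Type: multipart/signed; protocol="application/pkcs7-signature";\n'
    ' micalg=sha1; boundary="B1"\n\n'
    "--B1\nContent-Type: text/plain\n\nPlease add my certificate to the directory.\n"
    '--B1\nContent-Type: application/pkcs7-signature; name="smime.p7s"\n'
    "Content-Transfer-Encoding: base64\n\n"
    + base64.b64encode(SIGNATURE_BLOB).decode() + "\n--B1--\n"
)

# Constructed stand-in for what a CMS verifier returns once the signature chains to
# the trusted root: subject RDNs (X.509 order), e-mail names, DER encoding.
VERIFIED_SIGNER = {
    "subject": [("C", "DE"), ("O", "Example Org"), ("OU", "Research"),
                ("CN", "Alice Example"), ("emailAddress", "alice@example.org")],
    "emails": ["alice@example.org"],
    "der": b"\x30\x82\x01\x00constructed-der-placeholder",
}

def trusted_verifier(signature: bytes):
    """Stand-in for the CMS check against the trusted root (a real tool calls a PKCS#7 library)."""
    return VERIFIED_SIGNER if signature == SIGNATURE_BLOB else None

# Constructed stand-in for "search the organizational directory by e-mail address".
EXISTING_ENTRIES = {"bob@example.org": "mail=bob@example.org,ou=Research,dc=example,dc=org"}

def extract_sender_and_signature(raw: str):
    """Return (From: address, raw signature bytes) of a multipart/signed message."""
    msg = message_from_string(raw)
    if msg.get_content_type() != "multipart/signed":
        raise ValueError("not a multipart/signed S/MIME message")
    sig_parts = [p for p in msg.walk() if p.get_content_type()
                 in ("application/pkcs7-signature", "application/x-pkcs7-signature")]
    if len(sig_parts) != 1:
        raise ValueError("expected exactly one signature part")
    return parseaddr(msg["From"])[1].lower(), sig_parts[0].get_payload(decode=True)

def sender_matches_certificate(sender: str, signer: dict) -> bool:
    """Privacy rule: only the owner publishes, so From: must be an e-mail name of the signer cert."""
    return sender in {e.lower() for e in signer["emails"]}

def escape_dn_value(value: str) -> str:
    """RFC 4514 escaping of a DN attribute value ('=' is escaped too, which is permitted)."""
    s = "".join("\\" + ch if ch in ',+"\\<>;=' else ch for ch in value)
    if s[:1] in ("#", " "):
        s = "\\" + s
    return s[:-1] + "\\ " if s.endswith(" ") else s

# Plug-in style naming rule assumed for this example: how X.509 subject attribute
# names are spelled in the local directory.
X509_TO_LDAP_ATTR = {"C": "c", "O": "o", "OU": "ou", "CN": "cn", "emailAddress": "mail"}

def subject_dn_to_ldap_dn(subject, base_dn: str) -> str:
    """Map the subject DN under base_dn: RDN mail= (else cn=), OU values become ou= components."""
    attrs = {}
    for name, value in subject:
        attrs.setdefault(X509_TO_LDAP_ATTR.get(name, name.lower()), []).append(value)
    key = "mail" if "mail" in attrs else "cn" if "cn" in attrs else None
    if key is None:
        raise ValueError("subject carries neither an e-mail address nor a CN")
    rdn = f"{key}={escape_dn_value(attrs[key][0])}"
    ous = ["ou=" + escape_dn_value(v) for v in attrs.get("ou", [])]
    return ",".join([rdn] + ous + [base_dn])

def ldif_for_signer(dn: str, signer: dict, exists: bool) -> str:
    """LDIF (RFC 2849) for review/bulk upload: add an entry, or replace the certificate
    of an existing one. '::' marks a base64-encoded value."""
    b64 = base64.b64encode(signer["der"]).decode()
    if exists:
        return (f"dn: {dn}\nchangetype: modify\nreplace: userCertificate;binary\n"
                f"userCertificate;binary:: {b64}\n-\n")
    mail = signer["emails"][0]
    cn = dict(signer["subject"]).get("CN", mail)
    return (f"dn: {dn}\nchangetype: add\nobjectClass: inetOrgPerson\ncn: {cn}\n"
            f"sn: {cn.split()[-1]}\nmail: {mail}\nuserCertificate;binary:: {b64}\n")

def collect(raw_message: str, verify, base_dn: str, directory=EXISTING_ENTRIES) -> str:
    """Parse, validate the signature, enforce owner-only publishing, find or derive
    the target DN, and emit LDIF for the directory administrator to review."""
    sender, signature = extract_sender_and_signature(raw_message)
    signer = verify(signature)
    if signer is None:
        raise PermissionError("signature does not validate against the trusted root")
    if not sender_matches_certificate(sender, signer):
        raise PermissionError(f"From: {sender} is not an e-mail name in the signer certificate")
    existing_dn = directory.get(sender)
    dn = existing_dn or subject_dn_to_ldap_dn(signer["subject"], base_dn)
    return ldif_for_signer(dn, signer, exists=existing_dn is not None)

if __name__ == "__main__":
    print(collect(SAMPLE_MESSAGE, trusted_verifier, "dc=example,dc=org"))
```

Two design points worth noting. The From: header sits outside the signed MIME body, so the check in `sender_matches_certificate` deliberately compares it against the e-mail names carried inside the validated certificate rather than trusting the header on its own; a forged From: with someone else's signed message is rejected. And the output is LDIF rather than a direct LDAP write, which keeps the administrator review step from slide 8 in the loop; a directory that already holds an entry for the address gets a `modify` that replaces `userCertificate;binary`, everything else becomes an `add` under the locally derived DN.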
Slide 10: What it is, what it is not
- It is
  - a practical solution for a common problem
  - a flexible tool
- It is not
  - a complete replacement for a global directory infrastructure
  - a mail2ldap gateway
  - a coffee machine
Slide 11: Discussion
- User acceptance?
- Required features?
- Security aspects?
- Privacy aspects?