[Smcwg-public] Approved Minutes of SMCWG June 22, 2022
Taavi Eomäe
taavi at zone.ee
Mon Aug 8 10:55:57 UTC 2022
> However he also noted the possible privacy concerns that some may have
> regarding OCSP being used to mine information about users opening
> encrypted emails. Corey Bonnell pointed out that the same privacy
> issues could befall CRL as well in the case of sharded CRLs.
>
> Stefan Selbitschka noted the privacy issues relating to revocation are
> equally a concern that should be placed upon the mail user agents.
> Stephen noted that he would adopt some of the improvements however
> found in Martijn’s PR.
>
Wouldn't this be a moment to consider creating (or agreeing to create in
the future) something like S/MIME OCSP-stapling? Alternatively, the
rules could forbid the use of a OCSP responder for tracking purposes?
Because a general lack of revocation information to avoid potential
privacy concerns sounds like a tradeoff that's too expensive.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20220808/d072ee20/attachment.html>
More information about the Smcwg-public
mailing list