[Smcwg-public] [External Sender] Re: Certificate Suspension

Adriano Santoni adriano.santoni at staff.aruba.it
Mon Aug 29 06:52:31 UTC 2022 

I am also against allowing suspension, for the various reasons already 
well explained by others, but would be open to change my mind if only I 
should hear that - at least - Microsoft (for Outllook) and Mozilla (for 
Thunderbird) are willing to modify their email clients' behaviour to 
handle suspensions properly. Lacking this, I think the entire discussion 
is moot.

Adriano


Il 26/08/2022 16:26, Tim Hollebeek via Smcwg-public ha scritto:
> NOTICE: Pay attention - external email - Sender is 
> 01000182da8be3a9-c11ef174-dcbc-48a2-8425-082c2249ba6e-000000 at amazonses.com 
>
>
>
>
> I would love to hear from Certificate Consumers whether they are / are 
> not interested in improving suspension in these ways.  If they are, 
> then perhaps this is worth working on.  If they aren’t, then it would 
> likely be a wasted effort.
>
> While thinking about this a bit more last night, I realized that the 
> experience is probably even more a nightmare than I had anticipated, 
> as the correct implementation would need to check whether the 
> certificate was suspended at the time the email was signed, not 
> whether the certificate is currently suspended.  I doubt it currently 
> works that way in all current mail clients.  Otherwise you can 
> retroactively invalidate a whole bunch of signatures that happened way 
> before whatever event triggered the need for temporary suspension.  I 
> don’t even want to think about all the games you can play with asking 
> for your certificate to be suspended temporarily whenever you want to 
> manipulate whether your historical signatures validate successfully or 
> not.
>
> -Tim
>
> The SMCWG is about to create a new Guideline document with some 
> industry-agreed principles and policies. The fact that things are not 
> coordinated /today/ shouldn't prevent us from designing improvements 
> for /tomorrow/. Perhaps some Certificate Consumers will decide to add 
> the necessary development time and improve the existing 
> implementations based on the SMBRs.
>
>
> _______________________________________________
> Smcwg-public mailing list
> Smcwg-public at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/smcwg-public
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20220829/4aa74c92/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4557 bytes
Desc: Firma crittografica S/MIME
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20220829/4aa74c92/attachment.p7s>

More information about the Smcwg-public mailing list