> On Apr 11, 2017, at 1:38 PM, Viktor Dukhovni <[email protected]> wrote:
>
> If the design were up to me, I'd not have published per-user keys.
> Instead a site-wide trust-anchor record scales better to large user
> communities, and mostly addresses your concerns.

I should note that one can of course implement one's SMIMEA deployment
in exactly this way, something along the lines of:

    *._smimecert.example.net. IN SMIMEA 2 1 1
        e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

would associate the same TA public key digest with every user, and would
not enable user enumeration.

--
Viktor.
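
Added example, not part of the original message: a small Python model of why the wildcard record above gives an observer nothing to enumerate, while per-user records do. Owner names follow the RFC 8162 derivation (SHA-256 of the local part, truncated to 28 octets, hex-encoded). The user names, the "3 1 1" per-user records, the trust-anchor key bytes and the one-label wildcard lookup are all constructed assumptions for illustration.

```python
import hashlib

def smimea_owner(address: str) -> str:
    """RFC 8162 owner name: hex(SHA-256(local-part)[:28])._smimecert.<domain>."""
    local, domain = address.rsplit("@", 1)
    label = hashlib.sha256(local.encode("utf-8")).digest()[:28].hex()
    return f"{label}._smimecert.{domain.lower()}."

def lookup(zone: dict, qname: str):
    """Simplified lookup: exact owner name first, then a one-label wildcard.
    Returning None models a negative answer."""
    if qname in zone:
        return zone[qname]
    parent = qname.split(".", 1)[1]
    return zone.get("*." + parent)

def distinguishable(zone: dict, candidates, domain="example.net"):
    """Addresses whose DNS answer differs from that of a non-existent user,
    i.e. the ones an outside observer can confirm by querying alone."""
    baseline = lookup(zone, smimea_owner("constructed-no-such-user@" + domain))
    return [a for a in candidates if lookup(zone, smimea_owner(a)) != baseline]

# Constructed sample data (not from the original message).
REAL_USERS = ["alice@example.net", "bob@example.net"]
CANDIDATES = REAL_USERS + ["carol@example.net"]  # carol does not exist

# Per-user deployment: one record per mailbox (placeholder digests).
PER_USER_ZONE = {
    smimea_owner(a): "3 1 1 " + hashlib.sha256(a.encode()).hexdigest()
    for a in REAL_USERS
}

# Site-wide deployment: a single wildcard record carrying the TA key digest.
TA_SPKI = b"constructed trust-anchor SubjectPublicKeyInfo bytes"
WILDCARD_ZONE = {
    "*._smimecert.example.net.": "2 1 1 " + hashlib.sha256(TA_SPKI).hexdigest()
}

if __name__ == "__main__":
    print("per-user :", distinguishable(PER_USER_ZONE, CANDIDATES))
    print("wildcard :", distinguishable(WILDCARD_ZONE, CANDIDATES))
```
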