On Wed, 23 Sep 2015, Phillip Hallam-Baker wrote:
I have no problem with the draft going forward, provided that there is a statement that I and other people making proposals can point to stating that this is not going to block other approaches.
You mean a statement in the document? At the IETF? The document makes no statement about any other mechanisms for encryption or crypto key distribution. I think that's the best we can do. If people make weird statements about SMIME roots based on this document, it should be pointed out those people are wrong.
For example, if you have an organization that is hierarchical such as the US federal government, the simplest way to deploy end-to-end email in the organization would be to deploy a PKIX CA to issue S/MIME certificates, store the certificates in a Web server [*] and stick the address of the web server and the fingerprint of the intermediate KSK in a DNS record.
I strongly recommend those organisations use draft-ietf-dane-smime and publish SMIMEA records instead of OPENPGPKEY records.

Paul