[sclug] Re: [dev-crypto] SMIME Opinions

Will Dickson wrd at glaurung.demon.co.uk
Mon Nov 29 15:21:14 UTC 2004


Rodney.A.Madden at syntegra.com wrote:
> 
> 
> Our company is planning on implementing an SMIME service. The
> service will allow individuals and organizations within the company to
> sign and encrypt outbound documents/emails.
> 
> The certificates for partners will be stored, with other info, in an
> LDAP directory. The LDAP directory also has an entry for every
> organization and person in our company.

I'd have concerns about privacy and applicable data 
protection laws (if any), but assuming you've worked all 
that out, this sounds like a good idea.

> 
> The current directive is that all private/public keypairs for individuals
> and organizations within our company will be stored in the LDAP
> directory. 

This sounds like a really bad idea. I'm not an LDAP expert, 
but isn't the idea of LDAP to provide *access* to data? 
Whereas the whole point of private keys is that they should 
be kept private, i.e. secret?

There is always a tradeoff between keeping a secret secret, 
and keeping it safe: a secret that nobody knows is very 
secret, but not much use, whereas a secret that lots of 
people know is unlikely to be lost, but isn't much of a 
secret either. IMHO this proposal is not a good answer to 
this dilemma.

If I had to come up with a counter-proposal, I'd keep the 
certs on the LDAP server, but keep the private keys on the 
users' personal workstations, with a suitable offline backup 
regime to ensure against loss of the private keys. Something 
like putting each key onto e.g. a writable CD and putting all 
the CDs into a safe ought to do it.

Sorry this doesn't answer your question, but I hope it's of 
some use anyway.

Will
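
A check that follows from the counter-proposal above, as an added example that is not part of the original message: a Python audit of an LDIF export that flags directory entries carrying private key material and leaves certificate-only entries alone. The attributes inspected (`userPKCS12`, `description`), the DNs and every sample value are assumptions constructed for illustration.

```python
import base64
import re

# userPKCS12 (RFC 2798) carries a PKCS#12 bundle, which normally includes the private key.
PRIVATE_ATTRS = {"userpkcs12"}
PEM_MARKER = b"PRIVATE KEY-----"  # tail of RSA/EC/ENCRYPTED/PKCS#8 PEM headers

def parse_ldif(text):
    """Yield (dn, [(attr, value_bytes)]) per entry; handles folding and '::' base64."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold continuation lines
    for block in re.split(r"\n{2,}", text.strip()):
        dn, attrs = None, []
        for line in block.split("\n"):
            if line.startswith("#") or ":" not in line:
                continue
            name, _, rest = line.partition(":")
            b64 = rest.startswith(":")  # 'attr:: <base64>' versus 'attr: <text>'
            value = base64.b64decode(rest[1:].strip()) if b64 else rest.strip().encode()
            if name.lower() == "dn":
                dn = value.decode()
            else:
                attrs.append((name, value))
        if dn:
            yield dn, attrs

def audit(ldif_text):
    """Return (dn, attribute, reason) for every value that looks like private key material."""
    findings = []
    for dn, attrs in parse_ldif(ldif_text):
        for name, value in attrs:
            if name.split(";")[0].lower() in PRIVATE_ATTRS:
                findings.append((dn, name, "PKCS#12 bundle"))
            elif PEM_MARKER in value:
                findings.append((dn, name, "PEM private key"))
    return findings

# Constructed sample export: every value below is a placeholder, not real key material.
def _b64(raw):
    return base64.b64encode(raw).decode()
_pem = _b64(b"-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED\n-----END RSA PRIVATE KEY-----\n")
SAMPLE_LDIF = (
    "dn: uid=alice,ou=people,dc=example,dc=com\n"
    "userCertificate;binary:: " + _b64(b"constructed-certificate") + "\n\n"
    "dn: uid=bob,ou=people,dc=example,dc=com\n"
    "userPKCS12:: " + _b64(b"constructed-pkcs12") + "\n\n"
    "dn: ou=sales,dc=example,dc=com\n"
    "description:: " + _pem[:40] + "\n " + _pem[40:] + "\n"  # folded line
)
```

Calling `audit(SAMPLE_LDIF)` reports the `userPKCS12` value on the second entry and the PEM block hidden in a folded, base64-encoded `description` on the third; the certificate-only entry is not flagged.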

