SURFnet / danish


SMIMEA support? #1

Closed jschlyter closed 8 years ago

jschlyter commented 8 years ago

Support for producing SMIMEA RRs would be really nice. Pretty please?

rijswijk commented 8 years ago

Had a quick look at the draft, seems pretty straightforward, but have some questions. I think I can make it fully automatic, in the sense that if it is an end user cert, I take the e-mail address from the certificate and if it is a CA certificate I assume that the SMIMEA record should be a wildcard. But alternatively, I can make all of this work through command-line flags. Which would you prefer?

Also note: will probably not get to coding until late January due to deadlines.

jschlyter commented 8 years ago

Command line is fine with me - trying to select which email address (in subject, subjectAltName, ...) may be messy.

rijswijk commented 8 years ago

OK, good to know, I had the same concerns, cmdline makes life a bit easier ;-)

rijswijk commented 8 years ago

Have added provisional SMIMEA support, can you check if this is what you were looking for? Also implemented features to check the specified e-mail address against the subject and subjectAltName of the certificate.

jschlyter commented 8 years ago

Looking good so far, seems that I can generate a decent RR for jakob@kirei.se. Perhaps the default domain basename could be taken from the email address domain part?

The default flags for SMIMEA should probably be 3 0 0 in order for encryption to be possible, or 3 1 1 for signing. Any chance you can add support for matching type zero?

rijswijk commented 8 years ago

Good suggestion w.r.t. taking the basename from the mail address. I will look into matching type 0 support soon (hope to find time this week).

rijswijk commented 8 years ago

I've made the suggested and requested changes, matching type 0 is now supported, defaults for TLSA and SMIMEA are now 1 0 1 and 1 0 0, and the hostname for SMIMEA is taken as the right-hand part of the e-mail address if selector 1 or 3 is chosen.

jschlyter commented 8 years ago

Nice!
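Added example, not code from the danish project: how the pieces discussed in this thread fit together when building an SMIMEA record, following RFC 8162 (the published form of the draft referred to above). The owner name is derived from the e-mail address, the basename is the domain part, and usage/selector/matching type are passed as parameters with the thread's 1 0 0 default. The certificate bytes are a constructed stand-in, not a real certificate; a real tool would parse the DER from a file and extract the SubjectPublicKeyInfo.

```python
import hashlib

# Constructed sample input: NOT a real certificate, just stand-in DER-looking
# bytes so the record-building logic runs offline. A real tool would load the
# certificate and its SubjectPublicKeyInfo (SPKI) from a PEM/DER file.
SAMPLE_CERT_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_SPKI_DER = b"\x30\x59" + bytes(range(89))


def smimea_owner_name(email: str) -> str:
    """RFC 8162 owner name: SHA-256 of the local-part (UTF-8), truncated to
    28 octets, hex-encoded, placed under _smimecert.<domain part>."""
    local_part, sep, domain = email.rpartition("@")
    if not sep or not local_part or not domain:
        raise ValueError(f"not an e-mail address: {email!r}")
    label = hashlib.sha256(local_part.encode("utf-8")).digest()[:28].hex()
    return f"{label}._smimecert.{domain}."


def smimea_rdata(cert_der: bytes, spki_der: bytes,
                 usage: int, selector: int, mtype: int) -> str:
    """Presentation-format RDATA: usage, selector, matching type, hex data."""
    if usage not in (0, 1, 2, 3):
        raise ValueError(f"invalid certificate usage {usage}")
    if selector not in (0, 1):
        raise ValueError(f"invalid selector {selector}")
    # Selector 0 = full certificate, selector 1 = SubjectPublicKeyInfo only.
    data = cert_der if selector == 0 else spki_der
    if mtype == 0:
        assoc = data                              # full data in the record
    elif mtype == 1:
        assoc = hashlib.sha256(data).digest()     # SHA-256 of the data
    elif mtype == 2:
        assoc = hashlib.sha512(data).digest()     # SHA-512 of the data
    else:
        raise ValueError(f"invalid matching type {mtype}")
    return f"{usage} {selector} {mtype} {assoc.hex()}"


def smimea_record(email: str, cert_der: bytes, spki_der: bytes,
                  usage: int = 1, selector: int = 0, mtype: int = 0) -> str:
    """Full RR in zone-file form; defaults match the thread's 1 0 0."""
    rdata = smimea_rdata(cert_der, spki_der, usage, selector, mtype)
    return f"{smimea_owner_name(email)} IN SMIMEA {rdata}"


if __name__ == "__main__":
    print(smimea_record("jakob@kirei.se", SAMPLE_CERT_DER, SAMPLE_SPKI_DER))
```

Matching type 0 with selector 0 publishes the whole certificate, which is what lets a sender fetch the recipient's key for encryption; it also makes the record large, so the hashed forms are the usual choice for signature-only use.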