SMTP, SMIME and CERT Implementation Guide
The SMTP, S/MIME, and CERT Implementation Guide is a practical introduction to the use and configuration of the core SMTP and associated technologies used to push documents securely between sources and recipients. The Implementation Guide explores the core concepts, the frameworks for deploying SMTP-based document exchange, and the available references for configuration, operational testing, and ongoing management of services.
The Implementation Guide will be used by organizations deploying encryption and security management, including organizations that wish to implement:
- A HISP in Agent mode
- A client or client proxy managing encryption, validation, and trust services
An initial orientation to the core technologies, the role they can play in Direct, and the benefits of their implementation.
How you might use the core technologies in the context of a:
- Client proxy
- SMTP + S/MIME aware EHR or EHR module
- S/MIME-aware email client
Use of DNS CERT records
Covers configuration and use of BIND and other DNS servers, propagation of CERT records, management of CERT RRs, testing of CERT propagation, and use of tools provided in the reference implementation.
Configuration of Trust Anchors
Covers concepts, configuration and management of trust anchors, including options for trust anchor deployment, and use of tools provided in the reference implementation.
SMTP Server Configuration
For HISPs deploying in Agent mode, covers the use of popular SMTP servers, and how to integrate the Agent code into the server pipeline.
SMTP Proxy Agent Configuration
For clients deploying in Agent Proxy mode, covers how to set up the proxy and configure email clients to use the proxy.
Covers how to test your configuration to ensure it is working well. Describes use of tools provided in the reference implementation to aid your task.
Describes how to use logging and other tools for ongoing operational management and maintenance.
Recommendations on preferred techniques for deploying SMTP, S/MIME and DNS services to exchange the most useful and most fault-tolerant set of data possible given other situational constraints.