Re: comments on draft 03 of SKIP
Greetings,
I guess I misunderstood. I mistook the directory service for the
CA. The CA's signature needs to be authenticated, not the
Directory/Distribution service - you are correct.
Regards,
-=Chris
At 00:00 95/10/28 +0100, Germano Caronni wrote:
>Chris Liljenstolpe wrote:
>> >> > Since there is nothing secret about DH public values, one natural way
>> >> > to discover the relevant authenticated _public value_ is to distribute
>> >> > these using a directory service.
>> >> authenticated directory service ?
>> >no authenticated _directory service_ is needed here.
>> I disagree with this. If I am receiving public keys from some directory
>> service that I have decided to trust (I think that they take proper
>> authentication actions, etc), I want to know that I am really talking to
>> that directory service and not some mitm or imposter.
>
>Hi Chris,
>I thought we were talking about authenticated public values. I do not mind
>who sends me the values, as long as I can trust one of the parties that
>authenticated them, and I securely get the public key of such a party.
>
>Did I oversee something?
>
>Germano
>
>
/ Chris Liljenstolpe (Swanson)
____/ ____/ ___ / ____/ Engineer <chris.swanson@ssds.com>
____ / ____ / /__/ / ____ / 8400 Normandale Lake Blvd #993
_______/ _______/ _______/ _______/ Bloomington, MN 55473
business driven technology solutions. (612) 921-2392 FAX (612) 921-2395
Key Fingerprint = FE 43 BD A6 3C 13 6C DB 89 B3 E4 A1 BF 6D 2A A9
Um Yah Yah!
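
An added illustration of the point this exchange settles on (not part of either message, and not SKIP code): the directory can stay unauthenticated because the client checks the CA's signature over the name and DH public value against a CA key it already holds. Ed25519 stands in for the CA's signature algorithm, and the record layout, names and byte values are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Record (hypothetical layout) is what a directory serves; nothing in it is secret.
type Record struct{ DHPublic, CASig []byte }

// signedBytes binds name and value; the length prefix keeps the split unambiguous.
func signedBytes(name string, dh []byte) []byte {
	return append([]byte(fmt.Sprintf("%d:%s:", len(name), name)), dh...)
}

// Issue is the CA side: sign the binding of a name to its DH public value.
func Issue(caPriv ed25519.PrivateKey, name string, dh []byte) Record {
	return Record{DHPublic: dh, CASig: ed25519.Sign(caPriv, signedBytes(name, dh))}
}

// Lookup takes a record from any directory and accepts it only if the CA signature
// over (requested name, value) verifies under the locally held CA public key.
func Lookup(dir map[string]Record, caPub ed25519.PublicKey, name string) ([]byte, error) {
	rec, ok := dir[name]
	if !ok {
		return nil, fmt.Errorf("no entry for %q", name)
	}
	if !ed25519.Verify(caPub, signedBytes(name, rec.DHPublic), rec.CASig) {
		return nil, fmt.Errorf("CA signature does not cover %q and this value", name)
	}
	return rec.DHPublic, nil
}

// Demo: honest record accepted, altered value rejected, another name's record rejected.
func Demo() (honest, altered, swapped bool) {
	caPub, caPriv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	alice := Issue(caPriv, "alice", []byte{0x02, 0x11, 0x5a}) // constructed stand-in values
	_, err := Lookup(map[string]Record{"alice": alice}, caPub, "alice")
	honest = err == nil
	bad := alice
	bad.DHPublic = []byte{0x09, 0x09, 0x09} // directory substitutes a different value
	_, err = Lookup(map[string]Record{"alice": bad}, caPub, "alice")
	altered = err != nil
	bob := Issue(caPriv, "bob", []byte{0x03, 0x77, 0x01}) // validly signed, wrong name
	_, err = Lookup(map[string]Record{"alice": bob}, caPub, "alice")
	return honest, altered, err != nil
}

func main() { fmt.Println(Demo()) }
```

The check still depends on the client obtaining the CA's public key through a channel it trusts; only the directory lookup itself needs no authentication.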