[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SPKI signing keys only

> From: dpkemp@missi.ncsc.mil (David P. Kemp)
> > So, let me say again, SPKI should _never_ provide key establishment, and
> > this should be clearly stated.
> Fine with me.  But if SPKI certs can never be used with Photuris or
> ISAKMP/Oakley or TLS, the working group should clearly state that intention
> so that communication protocol designers don't have to worry about handling
> SPKI certs.
Obviously, we are writing in different languages, or someone is being
deliberately obtuse.

SPKI Identifications can indeed be used with Photuris, Oakley, and/or
TLS -- for Authentication purposes only.

SPKI keys should not be used for "key establishment".  That is,
encrypting a session-key directly.

    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32
    Key fingerprint =  2E 07 23 03 C5 62 70 D3  59 B1 4F 5E 1D C2 C1 A2