[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SPKI signing keys only

To: spki@c2.net
Subject: Re: SPKI signing keys only
From: "William Allen Simpson" <wsimpson@greendragon.com>
Date: Tue, 24 Jun 97 17:39:05 GMT
Sender: owner-spki@c2.net

> From: dpkemp@missi.ncsc.mil (David P. Kemp)
> > So, let me say again, SPKI should _never_ provide key establishment, and
> > this should be clearly stated.
>
> Fine with me.  But if SPKI certs can never be used with Photuris or
> ISAKMP/Oakley or TLS, the working group should clearly state that intention
> so that communication protocol designers don't have to worry about handling
> SPKI certs.
>
Obviously, we are writing in different languages, or someone is being
deliberately obtuse.

SPKI Identifications can indeed be used with Photuris, Oakley, and/or
TLS -- for Authentication purposes only.

SPKI keys should not be used for "key establishment".  That is,
encrypting a session-key directly.

WSimpson@UMich.edu
    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32
BSimpson@MorningStar.com
    Key fingerprint =  2E 07 23 03 C5 62 70 D3  59 B1 4F 5E 1D C2 C1 A2

Prev by Date: Re: Subject signing redux (was: Re: Mary is Mary)
Next by Date: Re: SPKI signing keys only
Prev by thread: Re: SPKI signing keys only
Next by thread: Re: SPKI signing keys only
Index(es):
- Main
- Thread