[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SPKI signing keys only
-----BEGIN PGP SIGNED MESSAGE-----
At 09:14 AM 6/23/97 -0400, David P. Kemp wrote:
>Others have found a need to make the distinction between signing keys
>and key establishment keys. If SPKI chooses not to make the distinction,
>it will just be deferring the decision to private agreement among
>implementors. One way of being "simple" is to avoid standardizing
>such usage conventions. I question the wisdom of that, but since there
>is already a PKI architecture that does provide a framework for
>standardizing the meaning of various "auths", it is probably good for
>SPKI to *not* standardize them, and instead defer the definition of
>"auth" meanings to bilateral agreements and community usage profiles.
I follow the argument and there's certainly room in an authorization field
to say "this is an encryption key". However, I have been led by recent
examples from elsewhere to assume that we should define a key-use field
inside the key block itself -- so that even if we had the same RSA modulus
and exponent used both for signing and for key transport, the
(public-key ...)
block would be different for the two and therefore the key hash would
be different.
- Carl
-----BEGIN PGP SIGNATURE-----
Version: 5.0
Charset: noconv
iQCVAwUBM7AT8lQXJENzYr45AQFRKgP+LquW0l0vuOD8f5SIfzFa+pNA3c76+F+v
ydkR8lOz9gVK7OjAq1JgQ/3ifLS1fOGupAbE1vxtuJIzwASYeQwJZmlqCJ1yGjQN
lMtAcxW4CaRwZvhKwVFW9PfsFk3ox3SAgwsm7OOhYAs5kB5XyjM2W/KvraTatxJz
r4g1E4vC8Q8=
=Igd3
-----END PGP SIGNATURE-----
+------------------------------------------------------------------+
|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc. http://www.cybercash.com/ |
|207 Grindall Street PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 |
+------------------------------------------------------------------+
References: