[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SPKI signing keys only
-----BEGIN PGP SIGNED MESSAGE-----
At 04:02 PM 6/23/97 -0400, David P. Kemp wrote:
>> So, let me say again, SPKI should _never_ provide key establishment, and
>> this should be clearly stated.
>
>Fine with me. But if SPKI certs can never be used with Photuris or
>ISAKMP/Oakley or TLS, the working group should clearly state that intention
>so that communication protocol designers don't have to worry about handling
>SPKI certs.
I think that's going too far.
I believe someone might be able to construct protocols for secure channels
using authentication/authorization provided by SPKI certs and that the
(public-key ...) block should be able to describe an encryption key (or D-H
key). Someone might even want to define a (tag ..) field which declares an
encryption key. I would imagine that key (or its hash) to be in the (tag),
not in the (subject), although I suppose that's open for discussion.
However, if it's in the (subject) then we've opened up a political rathole,
IMHO.
- Carl
-----BEGIN PGP SIGNATURE-----
Version: 5.0
Charset: noconv
iQCVAwUBM7AWR1QXJENzYr45AQFLkQQAhfA76SyUiqvxODluPmvAPsIyqpKGpqA5
WoPY5UVh7t2Vl+nQSvEXLUb8S0rMonJrFdGM0dBImm86DtVDC3vi7sWV4AdVcquH
hiLOkv0lXTWoifyeNX20HlhahSKNi5YCadIPEqf/yShXcfgu4POdc9KBODMDMReI
l6JlsSVgqqI=
=N3du
-----END PGP SIGNATURE-----
+------------------------------------------------------------------+
|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc. http://www.cybercash.com/ |
|207 Grindall Street PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 |
+------------------------------------------------------------------+
References: