[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SPKI signing keys only

> Obviously, we are writing in different languages, or someone is being
> deliberately obtuse.
> SPKI Identifications can indeed be used with Photuris, Oakley, and/or
> TLS -- for Authentication purposes only.
> SPKI keys should not be used for "key establishment".  That is,
> encrypting a session-key directly.

In the language I am familiar with,

"key transport" means one party generates a session key and sends it to
the other party by some confidential means, usually by encrypting it with
the receiver's RSA public key.

"key agreement" means that the two parties cooperatively arrive at a
session key by some means.  There are many key agreement protocols, including
Diffie-Hellman, Fortezza KEA, Photuris, SKEME, ...  Some, such as KEA,
provide inherent authentication.  Others, such as basic D-H, do not, and
must be augmented by a separate authentication step.

"key establishment" was my made-up term to refer to any public key based
process which results in a session key, including transport and agreement.
I apologize for creating confusing terminology on the fly.

So your position is that SPKI-certified keys should not be used for
key transport?  And that SPKI-certified keys are acceptable for use
in key agreement protocols (such as Fortezza's) that do not involve
encrypting the session key?  And therefore that SPKI-certified keys
should not be used to provide RSA key transport for messaging protocols
such as S/MIME and PGP?