[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: public key algorithm naming


To: spki@c2.net
Subject: Re: public key algorithm naming
Date: 03/12/98, 16:41:29

> IMO, the hash algorithm you use to sign is as important a part of "you"
> as your key parameters are.  It serves to define you as much as anything, 
> in the digital world, where everything comes from signatures.  Listing 
> your hash algorithm beside your key parameters gives it this important 
> meaning - since keys get signed as parts of certificates and are also 
> listed in ACLs.  The way I see it, a signature from someone with your 
> same key parameters but using a different hash function is not you.

But with digital signatures, it's the owner of a key who is going to
sign. The hash algorithm name is used to tell someone else what they
should use to verify that signature. Your argument would be valid for
encryption keys, where along with your public key you specify the list
of encryption algorithms that you're willing to accept -- but that's
not what we're talking about here (I think :-)

With signing keys, by placing a hash algorithm name in the key you're
restricting yourself as to what parameters you'll use to sign. I find
this unnecessary.
- -Angelos

Version: 2.6.3i
Charset: noconv
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface