[Security] PGP (XEP-0027)

Stephen Paul Weber singpolyma at singpolyma.net
Tue Jun 2 12:50:26 CDT 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Somebody signing messages as Peter Saint-Andre wrote:
> On 6/2/09 11:02 AM, Stephen Paul Weber wrote:
> > Somebody signing messages as Peter Saint-Andre wrote:
> >> As I understood it, we were thinking that clients would generate a
> >> simple key (not PGP) for use in session security. That key could be
> >> signed with an OpenPGP key or X.509 cert if the user has such a beast,
> >> but we would not introduce a dependency on OpenPGP or X.509.
> > 
> > Instead you would introduce a dependency on some new key format of your
> > invention? This does not seem to be a win.  The benefit of supporting
> > OpenPGP and X.509 keys is the formats are already standardised, well
> > understood and supported, and widely depolyed.
> 
> No, we would probably use DSA keys. We're not in the business of making
> new key formats here. :)

So, IIRC, DSA is a valid key format for signing in OpenPGP... so is it just
that you don't want to support multiple key formats / signing algos?

- -- 
Stephen Paul Weber, @singpolyma
Please see <http://singpolyma.net> for how I prefer to be contacted.
edition right joseph
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQIcBAEBCAAGBQJKJWZhAAoJENEcKRHOUZzenZEP/jzbcX4VLrth11rqpkSR1bHT
qGmmkaj+5eDlNsz/3KuEODORi7u8X9WtAW3AsIdFjPSh9ONDOeuyDh+ucBaQqWDa
kb19bNK7BKHVixC8BxfTjDOR8Al6D1DWLMGu+QATTE0Pd/L9n8EcturNNR8AnG0L
oUBWVz1+dT3Mtf2c+hgoCY8V22fYkq/UnNFL/VCC5Y1jn/mIT97/80DisiYDh84n
g9Dt7qSwh54ptsGWNrvghYLwlnJm23finmpJASElaBg4TCuvRhZvOt/XqMg/wwLY
IfTUHxVgtWjV9maeuyXRdiIsKjuIXuwm9nGQ0AKS0pwJNpsdBAWO3ClQ6Jam8yZG
dAEIr1dovZ8jzk6HsABWAh4GocZhlaKDhoUXCFSlf3v7eXKwCRZYa9aFkRWXU5LE
+CJrcoeE72HwuQfaM/WHRbHfE6WrLHfd8GNQbIh+aJfRXsWEHy5os1qKRAEAlsqS
vFVTCJkrCli1F0dge6+hLB05z/92rdxujMAY0l7WdR62eNexvnpTuLo6FUfjO1H5
Jv4KzA9NBW9JdwAmyUVEsqnGwytMJvsmU86X+ky7wNAahm1TyWFj5bL43Te/sMBW
UVbRJWtzgEHZS85GOHFRcVqapRDZQUxhsUUL2JtAGXmFBfP5NCY0h0wdi7MU+Qtq
fYGuDfau3v/y2hLIlE8+
=/4eK
-----END PGP SIGNATURE-----


More information about the Security mailing list