[Security] PGP (XEP-0027)

Stephen Paul Weber singpolyma at singpolyma.net
Wed Jun 3 01:46:02 CDT 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Somebody claiming to be Simon Josefsson wrote:
> While I like PGP/X509 to be used, I think it is important to also
> support secure communication to happen based on a shared secret.  While
> the security industry likes to believe public key solutions will solve
> everything, what normal people understand will continue to be
> "passwords".  And it should be possible to build a secure communication
> system bootstrapped from a password.  One approach is for
> implementations to generate the X509/PGP certs on the fly, and
> authenticate them using the shared secret.

I can't speak to SSL/TLS, but the OpenPGP standard has support for symmetric
encryption (ie "shared secret" encryption).

- -- 
Stephen Paul Weber, @singpolyma
Please see <http://singpolyma.net> for how I prefer to be contacted.
edition right joseph
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQIcBAEBCAAGBQJKJhwqAAoJENEcKRHOUZzeeIIP/jhHfZJfKlmPG72Y0K78vpNU
3f+KLfDKJ2gaL8b4CxyoLzJPS2OaMPKCV+t9Sg/z+ki07C4pgkpkCeRYmOuRiSXO
ETsLriOi2SZhI+LCjZLboOTBiZnP7Z9L8K5sTeFcsyijVLTtHMYT5RLb1/yJHws0
vkAcg3CzsG1UM2IZtcLDwDEbscGhi4joMmXIrq/TCgAn3N+ITh1zv4rOq4MBx3oz
17BeTtT8GvE4BYolcDPaHS+eZIjTGn35Df/uIlUaZOmiMRJvSqSKGUBFsw6OT1Yi
Pw2XdIZzSuf66U/uPa39uXnTFcKLHMfOJqRE1IsQHhSS+Nng3mLBkueETj/gV5b6
UJpmWrlnGwgnA+4mN9jfQ3T5CVn7Tu3MgpJfoPXLPSXq5R8ryh6v2AfagYUsT0sJ
0h8/njdP3SnOZxdaOowzJJfrTBloPZXJEriSH/McK0qlrMoKBqC09fQ5OlY01RIt
4DsdksQNAlsBRhV0J2NJu4VZKe6fSnBFPK6EApcxLg6+1+pfV+GpKRoHNYVXQwud
t9ZiBasD4sD71DJUlHavxQvMYwN0EuJgOtPoN8BiOEDe9srTtZ6b8KlloU4kSDKB
YOPm9X45Rh689B0J6FzPNQDOJ4xagWMViHo7nSf3VU0Joj3evcrBiakhj6tov8n9
Wquvyl31RUjXUsP5zEvR
=3FJ0
-----END PGP SIGNATURE-----


More information about the Security mailing list