[Standards-JIG] Questions on RFC 3923

Jens Mikkelsen gyldenskjold at mail.dk
Thu Dec 9 12:45:07 UTC 2004


On Wed, 2004-12-08 at 05:36, Justin Karneges wrote:
[...]
> 
> An X.509 certificate is simply a container for a public key (of which RSA is 
> one possible type) along with some meta data about the owner.  As I 
> understand it, S/MIME lets you encrypt/decrypt/sign/verify data using X.509.  
> So yes, you can use RSA with S/MIME.  That's what would happen if your 
> certificate contained an RSA key.
> 
> As for XMLEnc, the spec can be found here:
>   http://www.w3.org/TR/xmlenc-core/
> And I forgot to mention the signing spec also, which is here:
>   http://www.w3.org/TR/xmldsig-core/
> 

Thanks. I have looked at xmlenc and it seems much more usefull for
Jabber than S/MIME. Have you totally given up on the JEP you wrote? It
seems that you have accepted the RFC 3923, but I must admit that it
seems totally wrong for Jabber.

> Probably the best reason to use xmlenc is to avoid having to create a new 
> format for symmetric encryption.  Since S/MIME is essentially asymmetric, 
> we'd need something different for symmetric.  With xmlenc, we can do one or 
> both at our selection.
> 
> > > Another thing you may have noticed is that I omitted PGP support in this
> > > listing.
> [...]

> 
> Well, both S/MIME and PGP involve asymmetric security.  I totally agree that 
> for most data transfer only symmetric encryption is necessary, and so 
> asymmetric security should only be used as "setup".  However, the rationale 
> for omitting PGP was simply to standardize on one public key format (X.509) 
> instead of two (X.509 /and/ PGP).

Well I think normal chat could use asymmetric encryption, because its
not that much text to encrypt, so it won't take much more time than
encrypting symmetric. With symmetric encryption you would have to agree
on a key before you can begin to chat. This might be overkill. But when
using MUC you would have to encrypt the message several times, so here
the symmetric solution would be better. This accounts aswell for video
conference, files etc.

> 
> At this point, we just need good asymmetric security for single stanzas.  We 
> can build everything else off of that.
> 

But I must admit I am having a difficult time to see the good in RFC
3923.

-- 
Jens Mikkelsen <gyldenskjold at mail.dk>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://mail.jabber.org/pipermail/standards/attachments/20041209/882a9ca0/attachment.sig>


More information about the Standards mailing list