[Standards-JIG] The Great Encryption Debate
ian.paterson at clientside.co.uk
Fri Aug 12 16:27:42 UTC 2005
I agree with everything Justin (and Bob Gilson) said about key-JID
association. (If I'd read them first then perhaps my email before-last
would have been a little shorter ;)
> a number of clients have implemented JEP-0027
Almost nobody uses it though. We need something that is 100%-transparent
for users and defaults to "always on".
> I do plan to implement JEP-0116
> object encryption is simpler to program,
> and simpler to deploy, particularly for signing
> I additionally plan to implement RFC 3923
> However, I also find it annoying having two
> ways to do the same thing.
I'd *really* like to avoid the need for that too.
I made a few minor changes to the JEP. Now, if you've implemented
JEP-0116, then one-to-one object encryption and object signing are
trivial. See the notes about <terminate/> in Sections 6.1.5 and 6.2.4 of
version 0.6: http://www.clientside.co.uk/jeps/jep-0116/jep-0116.html
No CPIM grumbling necessary. :)
I'm interested in your feedback on using JEP-0116 for one-to-one object
> [what about] broadcast signed news items[?]
Two possible answers:
Short: One-to-many is out of scope for JEP-0116.
Long: Yes. It is inefficient to calculate a different signature (and DH
key) for every user. (Although even with traditional object signing
you'd always have to calculate a few signatures since the recipients
would typically support different public key association systems and
authorities.) This needs more thought.
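Added example (not from this email, JEP-0116 or any client): a toy Python comparison of the two ways of protecting a broadcast news item that the thread contrasts, a per-recipient DH-derived key plus MAC versus one signature over the object that every recipient checks with the sender's public key. It assumes a Schnorr signature as a stand-in for whatever object-signing scheme is used, a constructed 63-bit safe-prime group chosen only so it runs quickly, and hypothetical names (protect_per_recipient, compare_broadcast, the KDF label). The sender-side exponentiation count is what grows with the number of recipients in the one-to-one approach and stays at one for the signed object.

```python
"""Toy comparison: per-recipient DH+MAC versus one signed object for a broadcast.
Added example, not code from JEP-0116 or any Jabber client."""
import hashlib
import hmac
import secrets


def is_probable_prime(n):
    """Deterministic Miller-Rabin for n < 3.3e24 using the first 12 prime bases."""
    if n < 2:
        return False
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    for b in bases:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def find_safe_prime(start):
    """Smallest safe prime p = 2q + 1 with q >= start (toy size, found at import)."""
    q = start | 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q


# Constructed toy group: a 63-bit safe prime. Real deployments use far larger
# parameters; the small size only keeps this example runnable in a moment.
P, Q = find_safe_prime(1 << 62)
G = 4  # a quadratic residue mod P, hence a generator of the order-Q subgroup


def keygen():
    """Return (private exponent, public value), usable for DH and Schnorr alike."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def derive_mac_key(priv, peer_pub):
    """DH shared secret hashed into a MAC key (hypothetical KDF label)."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(b"toy-esession-mac|" + shared.to_bytes(8, "big")).digest()


def hash_to_q(r, message):
    """Fiat-Shamir challenge e = H(R || m) reduced into the exponent group."""
    e = hashlib.sha256(r.to_bytes(8, "big") + b"|" + message).digest()
    return int.from_bytes(e, "big") % Q


def schnorr_sign(priv, message):
    """Schnorr signature in the toy group: R = g^k, s = k + e*x mod Q."""
    k = secrets.randbelow(Q - 1) + 1
    r = pow(G, k, P)
    return r, (k + hash_to_q(r, message) * priv) % Q


def schnorr_verify(pub, message, sig):
    """Accept iff g^s == R * y^e; needs only the sender's public key."""
    r, s = sig
    return pow(G, s, P) == (r * pow(pub, hash_to_q(r, message), P)) % P


def protect_per_recipient(sender_priv, recipient_pubs, message):
    """One-to-one style: one DH exponentiation and one MAC tag per recipient."""
    return {jid: hmac.new(derive_mac_key(sender_priv, pub), message,
                          hashlib.sha256).digest()
            for jid, pub in recipient_pubs.items()}


def check_per_recipient(recipient_priv, sender_pub, message, tag):
    """Recipient recomputes the shared MAC key and compares in constant time."""
    expected = hmac.new(derive_mac_key(recipient_priv, sender_pub), message,
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def compare_broadcast(n_recipients, message=b"news item (constructed)"):
    """Sender-side cost and verifiability of both approaches for n recipients."""
    sender_priv, sender_pub = keygen()
    recipient_keys = {f"user{i}@example.org": keygen() for i in range(n_recipients)}
    public_only = {jid: pub for jid, (_, pub) in recipient_keys.items()}
    tags = protect_per_recipient(sender_priv, public_only, message)
    session_ok = all(check_per_recipient(priv, sender_pub, message, tags[jid])
                     for jid, (priv, _) in recipient_keys.items())
    sig = schnorr_sign(sender_priv, message)  # a single object for everyone
    return {
        "recipients": n_recipients,
        "session_sender_exponentiations": len(tags),  # grows with n
        "signature_sender_exponentiations": 1,        # constant
        "all_session_tags_verify": session_ok,
        "signature_verifies": schnorr_verify(sender_pub, message, sig),
        "tampered_rejected": not schnorr_verify(sender_pub, message + b"!", sig),
    }


if __name__ == "__main__":
    print(compare_broadcast(5))
```

The per-recipient branch also shows the other cost the email does not spell out: a MAC derived from a pairwise DH secret can only be checked by the one recipient who shares that secret, so a broadcast would need a fresh tag (and a fresh DH computation) per subscriber, whereas the signed object is the same bytes for all of them.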