[Standards-JIG] The Great Encryption Debate

Ian Paterson ian.paterson at clientside.co.uk
Thu Aug 18 14:40:40 UTC 2005


> client generate a self-signed X.509 certificate and then 
> PGP-sign it.
> Now the certificate could be used for c2s auth (TLS), file
> transfer (TLS), and RFC 3923 (S/MIME).
> Maybe RFC 3923 doesn't need to be modified at all.
> We'd just need a separate PGP -> X.509 JEP.

That's a very versatile solution. Of course it could be extended beyond
PGP to other WoTs.

> In my opinion, then, it would be worthwhile to standardize 
> on X.509 certificates (and in this case I really do mean the 
> certificate format, not subjectPublicKey) as a key format,
> even if it is simply used in an "ssh-style" manner (ie, 
> self-signed, fingerprint-checked, cached).

I think that could make sense, especially for signed keys. For unsigned
keys both the lack of compactness and the non-jabber feel (XML vs DER)
still *feel* wrong.

> may sound silly to use X.509 without a CA, since 
> security-wise that's no better than simply using
> plain RSA keys.  I would assume the reason had more 
> to do with choosing a future-proof standard format.

The lack of compactness is a disadvantage. How might an untrusted
self-signed cert be more future-proof than 'plain' subjectPublicKey?

It seems we're closing in on some sort of consensus of... two people.
Can someone else please rock the boat. ;)

- Ian
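
An added example, not part of the original thread: a minimal Python sketch of the "ssh-style" fingerprint cache from the quoted text, pinning either the whole self-signed certificate or only its subjectPublicKeyInfo, the two key formats compared above. The certificate is constructed, cert-shaped DER with dummy key and signature bytes; the JID and every function name are hypothetical.

```python
import hashlib

def der(tag: int, content: bytes) -> bytes:
    """Encode one DER TLV with a definite length."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + content

def read_tlv(buf: bytes, pos: int):
    """Return (tag, content_start, content_end) for the DER TLV at pos."""
    tag, first = buf[pos], buf[pos + 1]
    k = first & 0x7F if first >= 0x80 else 0   # count of long-form length bytes
    start = pos + 2 + k
    n = int.from_bytes(buf[pos + 2:start], "big") if k else first
    if start + n > len(buf):
        raise ValueError("truncated DER")
    return tag, start, start + n

def spki_of(cert: bytes) -> bytes:
    """Slice the complete SubjectPublicKeyInfo TLV out of a DER certificate."""
    _, pos, _ = read_tlv(cert, 0)        # enter Certificate
    _, pos, _ = read_tlv(cert, pos)      # enter tbsCertificate
    if cert[pos] == 0xA0:                # optional [0] version
        _, _, pos = read_tlv(cert, pos)
    for _ in range(5):                   # serial, sigAlg, issuer, validity, subject
        _, _, pos = read_tlv(cert, pos)
    _, _, end = read_tlv(cert, pos)
    return cert[pos:end]

def sample_cert(serial: int, spki: bytes) -> bytes:
    """Constructed sample: structurally valid DER, signature is dummy bytes."""
    alg = der(0x30, der(0x06, bytes.fromhex("2a864886f70d01010b")) + der(0x05, b""))
    cn = der(0x06, b"\x55\x04\x03") + der(0x0C, b"juliet@example.com")
    name = der(0x30, der(0x31, der(0x30, cn)))
    validity = der(0x30, der(0x17, b"050818000000Z") + der(0x17, b"060818000000Z"))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, bytes([serial]))
              + alg + name + validity + name + spki)
    return der(0x30, tbs + alg + der(0x03, b"\x00" * 129))

def check_pin(cache: dict, jid: str, blob: bytes) -> str:
    """Trust on first use: cache the SHA-256 of blob, then compare on later use."""
    fp = hashlib.sha256(blob).hexdigest()
    if jid not in cache:
        cache[jid] = fp
        return "new"
    return "match" if cache[jid] == fp else "MISMATCH"

# Constructed RSA-shaped key: dummy 1024-bit modulus, exponent 65537.
RSA_ALG = der(0x30, der(0x06, bytes.fromhex("2a864886f70d010101")) + der(0x05, b""))
RSA_KEY = der(0x30, der(0x02, b"\x00" + b"\xc3" * 128) + der(0x02, b"\x01\x00\x01"))
SPKI = der(0x30, RSA_ALG + der(0x03, b"\x00" + RSA_KEY))
```

With these sample values the certificate is 434 bytes against 162 for the bare subjectPublicKeyInfo, and re-issuing the certificate with a new serial number trips a certificate pin while a subjectPublicKeyInfo pin still matches.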



