[Standards-JIG] The Great Encryption Debate
ian.paterson at clientside.co.uk
Thu Aug 18 14:40:40 UTC 2005
> client generate a self-signed X.509 certificate and then
> PGP-sign it.
> Now the certificate could be used for c2s auth (TLS), file
> transfer (TLS), and RFC 3923 (S/MIME).
> Maybe RFC 3923 doesn't need to be modified at all.
> We'd just need a separate PGP -> X.509 JEP.

That's a very versatile solution. Of course it could be extended beyond
PGP to other WoTs.

> In my opinion, then, it would be worthwhile to standardize
> on X.509 certificates (and in this case I really do mean the
> certificate format, not subjectPublicKey) as a key format,
> even if it is simply used in an "ssh-style" manner (ie,
> self-signed, fingerprint-checked, cached).

I think that could make sense, especially for signed keys. For unsigned
keys both the lack of compactness and the non-jabber feel (XML vs DER)
still *feel* wrong.

> may sound silly to use X.509 without a CA, since
> security-wise that's no better than simply using
> plain RSA keys. I would assume the reason had more
> to do with choosing a future-proof standard format.

The lack of compactness is a disadvantage. How might an untrusted
self-signed cert be more future-proof than 'plain' subjectPublicKey?

It seems we're closing in on some sort of consensus of... two people.
Can someone else please rock the boat. ;)