[Standards-JIG] The Great Encryption Debate
justin-keyword-jabber.093179 at affinix.com
Thu Aug 18 17:06:41 UTC 2005
On Thursday 18 August 2005 07:40 am, Ian Paterson wrote:
> > may sound silly to use X.509 without a CA, since
> > security-wise that's no better than simply using
> > plain RSA keys. I would assume the reason had more
> > to do with choosing a future-proof standard format.
> The lack of compactness is a disadvantage. How might an untrusted
> self-signed cert be more future-proof than 'plain' subjectPublicKey?
Ah you're right, it wouldn't be. SubjectPublicKey allows for multiple formats
already, and that's what I was referring to.
What the Certificate format brings is signed metadata (notably the JID). It
also means the key format is "ready to use" for things like TLS.
More information about the Standards