[Standards-JIG] The Great Encryption Debate

Justin Karneges justin-keyword-jabber.093179 at affinix.com
Thu Aug 18 17:06:41 UTC 2005


On Thursday 18 August 2005 07:40 am, Ian Paterson wrote:
> > may sound silly to use X.509 without a CA, since
> > security-wise that's no better than simply using
> > plain RSA keys.  I would assume the reason had more
> > to do with choosing a future-proof standard format.
>
> The lack of compactness is a disadvantage. How might an untrusted
> self-signed cert be more future-proof than 'plain' subjectPublicKey?

Ah you're right, it wouldn't be.  SubjectPublicKey allows for multiple formats 
already, and that's what I was referring to.

What the Certificate format brings is signed metadata (notably the JID).  It 
also means the key format is "ready to use" for things like TLS.

-Justin
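
Added illustration, not part of the original post: a minimal DER reader showing that an X.509 SubjectPublicKeyInfo already names its own key format through the algorithm OID. The two sample blobs are constructed with filler key bytes; nothing in the structure names an owner such as a JID, which is the signed metadata a Certificate adds.

```python
# Added example: read the AlgorithmIdentifier out of an X.509 SubjectPublicKeyInfo.
# The key bytes in the samples are constructed filler, not real keys.
OID_NAMES = {"1.2.840.113549.1.1.1": "rsaEncryption",
             "1.2.840.10045.2.1": "id-ecPublicKey"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low bits give the byte count
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode base-128 OID arcs into dotted notation."""
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                   # high bit clear ends the arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)          # first byte packs the first two arcs
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def parse_spki(der):
    """Return the algorithm OID, its name and the raw key length of an SPKI."""
    tag, spki, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    atag, alg, pos = read_tlv(spki, 0)     # AlgorithmIdentifier
    otag, oid, _ = read_tlv(alg, 0)        # algorithm OID
    btag, bits, _ = read_tlv(spki, pos)    # subjectPublicKey BIT STRING
    if (atag, otag, btag) != (0x30, 0x06, 0x03) or not bits:
        raise ValueError("not a SubjectPublicKeyInfo")
    dotted = decode_oid(oid)
    return {"oid": dotted, "name": OID_NAMES.get(dotted, "unknown"),
            "key_bytes": len(bits) - 1}    # first BIT STRING byte counts unused bits

# Constructed samples: same outer structure, different key formats.
RSA_SPKI = bytes.fromhex("3022300d06092a864886f70d01010105000311" + "00" + "aa" * 16)
EC_SPKI = bytes.fromhex("3029301306072a8648ce3d020106082a8648ce3d0301070312"
                        + "0004" + "bb" * 16)
```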


