[Standards-JIG] The Great Encryption Debate

Justin Karneges justin-keyword-jabber.093179 at affinix.com
Fri Aug 19 23:21:38 UTC 2005


On Friday 19 August 2005 06:19 am, Ian Paterson wrote:
> > > > may sound silly to use X.509 without a CA, since security-wise
> > > > that's no better than simply using plain RSA keys.
> >
> > What the Certificate format brings is signed metadata
> > (notably the JID). It also means the key format is
> > "ready to use" for things like TLS.
>
> I'm not entirely sure that signed metadata is important when people are
> validating unsigned keys (out-of-band). How does it help a
> man-in-the-middle if Bob associates Alice's public key with another JID?

Just as with "ready to use", I was originally speaking more about convenience.  
If the JID is already in the cert, then you can just save the cert as-is, 
perhaps in a folder of PEM files.  Of course, if the key was in another 
format, there's no reason your application couldn't maintain its own 
metadata, so you're right, this is not an essential feature.

> I'm still concerned about the lack of compactness of self-signed certs
> when compared to SubjectPublicKey. I expect people will end up
> publishing quite a few public keys (from several different CAs and WoTs,
> for each client machine they use).

If other users could create certificates based on your SubjectPublicKey, then 
I might agree.  However, since this may not work well in practice (see my 
other post), you'll end up with both a SubjectPublicKey and a certificate in 
your published storage, and at that point the SubjectPublicKey becomes 
redundant (since it can be derived from the certificate).

-Justin
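
Added example, not part of the original post or the mailing list thread: an OpenSSL shell sketch of the two points debated above, that a SubjectPublicKey can be derived from a self-signed certificate and that the certificate is the larger object to publish. The JID `alice@example.org`, its placement in the CN field, and the file names are constructed assumptions.

```sh
#!/bin/sh
# Constructed demo: the key pair, the JID and the file names are made up.
set -eu

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# Create an RSA key and a self-signed certificate. Putting the JID in the
# CN is an assumption made for this demo, not something the thread specifies.
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$1" \
        -keyout "$workdir/key.pem" -out "$workdir/cert.pem" 2>/dev/null
}

# DER SubjectPublicKeyInfo taken directly from the key pair.
spki_from_key() {
    openssl pkey -in "$workdir/key.pem" -pubout -outform DER
}

# The same structure recovered from the certificate alone.
spki_from_cert() {
    openssl x509 -in "$workdir/cert.pem" -noout -pubkey |
        openssl pkey -pubin -outform DER
}

# SHA-256 over the DER SPKI: the value two users would compare out-of-band.
spki_digest() { "$1" | openssl dgst -sha256; }

# Sizes in bytes of the two candidate published objects.
spki_size() { spki_from_key | wc -c | tr -d ' '; }
cert_size() {
    openssl x509 -in "$workdir/cert.pem" -outform DER | wc -c | tr -d ' '
}

make_selfsigned "alice@example.org"
echo "SPKI digest from key : $(spki_digest spki_from_key)"
echo "SPKI digest from cert: $(spki_digest spki_from_cert)"
echo "DER bytes: SubjectPublicKeyInfo=$(spki_size) certificate=$(cert_size)"
```

The two digests match because the certificate embeds the SubjectPublicKeyInfo unchanged, so a fingerprint checked out-of-band over that structure covers the key whichever form was published.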


