ietf-openpgp

Re: 11.2 Dual KeyIDs for RSA keys?

1998-04-18 22:13:34
On Sat, 18 Apr 1998, Jim Gillogly wrote:

> tzeruch wrote:
> > Generally, I think it would make sense to promote RSA keys to V4 format
> > (and assuming a V4 keyserver), but be able to export them in V3 format
> > when necessary.  The keyserver could find the key given either the V3 or
> > V4 keyid.
>
> Looking forward to a "semantics" document (if it comes to that) to
> supplement the formats document, I'm uncomfortable making an explicit
> linkage between the V3 and V4 format RSA keys unless we have a good
> model of what signatures mean in this case.  If a signer signs one or
> the other format, would you assume that signature has the same meaning
> for the other format?  Would you have the Web of trust form the union
> of signatures on the two styles of key?  I suppose it makes sense, but
> I'd want to think through the implications further.  Certainly it would
> be sufficient to have each of your signers sign both formats, but it
> seems overly tricky to have to check a signature by failing, then
> converting the key to the other format and trying again.
>
>       Jim Gillogly

The actual essence of the key is the modulus and exponent in the case of
an RSA key (actually the Modulus - exponents would be subkeys).  So a V3,
and a V4 RSA key should mean the same "persistent identity" wherever the
N/E pair appears.  The same thing applies for the public key parameter of DSS
or DH keys.

There is even a metacert group apparently trying to standardize on
something that will encompass all usages so one set of key parameters will
work everywhere.

About a year ago I converted my PGP key to an X509 certificate request and
had Verisign sign it when they were doing free user IDs, and should be
able to take a Verisign X509 cert, pull the moduli, create a PGP public
key that can verify the signatures (possibly giving it a high trust
level).

Since my implementation is SSLeay based, I already have most of the X509
style cert handling already available.  Conversion is usually figuring out
how to map the parameters (I usually use a oneline as the userid, and the
NotAfter gives the expiration date, etc.), and calling my keyout5 routine
with the x509 public key data.  I can also take my PGP secret key and
convert it to an SSLeay private key file.

I haven't looked at S/MIME in any detail yet, but from what I have seen it
shouldn't be too difficult to cross the boundary.

--- reply to tzeruch - at - ceddec - dot - com ---
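
Added example, not part of the original message or of any implementation mentioned in it: the V3 and V4 key IDs for one RSA N/E pair, computed as RFC 4880 section 12.2 defines them, with an index that resolves either ID to the same key. The modulus, exponent and timestamp are constructed sample values (not a usable key), and `build_index` is a hypothetical helper.

```python
import hashlib

def mpi(x: int) -> bytes:
    """OpenPGP MPI: 2-octet bit count, then the big-endian magnitude."""
    bits = x.bit_length()
    return bits.to_bytes(2, "big") + x.to_bytes((bits + 7) // 8, "big")

def v3_keyid(n: int) -> str:
    """V3 RSA key ID: the low 64 bits of the public modulus."""
    return f"{n & 0xFFFFFFFFFFFFFFFF:016X}"

def v4_fingerprint(n: int, e: int, created: int) -> str:
    """V4 fingerprint: SHA-1 over 0x99, 2-octet length, public-key packet body."""
    # Body: version 4, 4-octet creation time, algorithm 1 (RSA), MPI n, MPI e.
    body = b"\x04" + created.to_bytes(4, "big") + b"\x01" + mpi(n) + mpi(e)
    data = b"\x99" + len(body).to_bytes(2, "big") + body
    return hashlib.sha1(data).hexdigest().upper()

def v4_keyid(n: int, e: int, created: int) -> str:
    """V4 key ID: the low 64 bits of the V4 fingerprint."""
    return v4_fingerprint(n, e, created)[-16:]

def build_index(keys):
    """Hypothetical keyserver index: both key IDs map to the same N/E record."""
    index = {}
    for n, e, created in keys:
        index[v3_keyid(n)] = (n, e)
        index[v4_keyid(n, e, created)] = (n, e)
    return index

# Constructed sample values: a 1024-bit odd number standing in for a modulus.
N = (1 << 1023) + 0xDEADBEEFCAFEF00D
E = 65537
CREATED = 892937614  # constructed creation timestamp

if __name__ == "__main__":
    idx = build_index([(N, E, CREATED)])
    print("V3 key ID:", v3_keyid(N))
    print("V4 key ID:", v4_keyid(N, E, CREATED))
    print("same record:", idx[v3_keyid(N)] == idx[v4_keyid(N, E, CREATED)])
    # The V4 ID also covers the creation time, so the same N/E pair
    # re-exported with a different timestamp gets a different V4 key ID.
    print("V4 key ID, other timestamp:", v4_keyid(N, E, CREATED + 1))
```

The V3 ID depends only on the modulus, while the V4 ID hashes the creation time as well, so a server that maps between the two has to keep the timestamp fixed when it promotes a V3 key to V4.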

