ietf-openpgp

Re: Fw: [ietf-tls] using openpgp with tls

2002-01-17 10:36:05

On 17 Jan 2002 12:24:03 -0500, Derek Atkins said:

> I don't think that's a reasonable assumption to make.  Worse, if you
> have _ANY_ v3 keys then you need to ship the keyID.  Perhaps there is

Why?  Because the HKP keyservers are not able to search by
fingerprint?  Hopefully this will be fixed and the modern key servers
support such a lookup (well, not checked but easy to add).

I can't imagine that anyone will use an old v3 key for TLS
authentication - TLS is always used on a networked machine (surprise)
and as such this machine is much more exposed to attacks than the
secure boxes we all use to handle our secret keys ;-).  If TLS is
configured somewhere, a new key should be used for this and this key
can in turn be signed by a certification key.

Using PGP keys with TLS is a new thing and we don't have to take
backwards compatibility into account.

Ciao,

  Werner


-- 
Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus