private key language

ietf-openpgp

private key language

2005-12-28 02:32:52


There's another issue I would like to see cleared up. Right now, I think the
private key format is overspecified. This is especially important, since the
format in the specification has known weaknesses.

I think, it should be ultimately up to each implementation how they store
private keys and it does not affect interoperability. It should be made
clear that private key packets are intended only as an export-import format
and that additional security measures (such as enclosing the whole thing
inside an integrity-protected encrypted packet) are recommended, when
transfering private keys.

-- 
Daniel

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
private key language, Daniel A. Nagy <= Re: private key language, David Shaw Re: private key language, Daniel A. Nagy Re: private key language, David Shaw Re: private key language, Daniel A. Nagy Re: private key language, David Shaw Re: private key language, Jon Callas Short intro on the K-R attack [Re: private key language], Daniel A. Nagy Re: Short intro on the K-R attack [Re: private key language], Jon Callas Re: Short intro on the K-R attack [Re: private key language], Daniel A. Nagy Re: Short intro on the K-R attack [Re: private key language], Jon Callas

Previous by Date:	Re: Outstanding question - rule on cleartext signing last line, Daniel A. Nagy
Next by Date:	Re: Outstanding question - rule on cleartext signing last line, Ian G
Previous by Thread:	Re: Outstanding question - rule on cleartext signing last line, vedaal
Next by Thread:	Re: private key language, David Shaw
Indexes:	[Date] [Thread] [Top] [All Lists]