On Wed, 21 Dec 1994 Jueneman(_at_)gte(_dot_)com wrote:
> > I have to agree with you on this one. I still think that a representation for
> > "bare key" is useful, especially in cases where you want encryption but not
> > signature, but I agree that the email/selector approach can be accommodated
> > with the existing X.509 format.
> Just as a matter of curiosity, why do you think that a bare key is more useful
> for encryption than for signature? I have tended to think that there was a very
> strong duality between the two concepts, and almost always what was required
> for one was required for the other. I should think that the need to be
> reasonably sure exactly who it was that you were confiding your deep dark
> secrets to would be very similar to the need to verify your correspondent's
> bona fides before believing him. Why then would a bare key be more useful for
> encryption?
As you say, it is necessary to verify who you are sending to. But that is
done _before_ the encryption takes place. Once you've verified it,
there's no need to send a full certificate to the recipient. They know
who they are and have a secure copy of their own key (one hopes anyway).
However, they might have multiple keys which necessitates sending some
kind of key selector or bare public key to tell the recipient which of
their many keys was used to encrypt the message.
Cheers,
Rhys.
--
Rhys Weatherley, Queensland University of Technology, Brisbane, Australia.
E-mail: rhys(_at_)fit(_dot_)qut(_dot_)edu(_dot_)au "net.maturity is knowing
when NOT to followup"
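The routing step Rhys describes above (the sender has already verified which key belongs to the recipient; the message only needs to carry a selector so the recipient can pick the matching private key out of several) as an added example that is not part of the original thread. It uses a toy textbook RSA on small fixed primes, constructed here purely so there is something to route; the selector is a truncated SHA-256 over the bare public key, an assumption of this example rather than anything the thread specifies.

```python
import hashlib

# Toy textbook RSA on small fixed primes. Constructed for this example only:
# no padding scheme and no real key sizes, so it is not usable as a cipher.
# It exists so the key-selector lookup below has a concrete message to route.
E = 65537
BLOCK = 4          # plaintext bytes per block; 2**32 < every n below
CIPHER_BLOCK = 8   # ciphertext bytes per block; every n below < 2**64
SELECTOR_LEN = 8   # bytes of key selector prepended to the message

# Assumed recipient with three keys, each from a distinct prime pair.
RECIPIENT_PRIMES = [(1000003, 1000033), (1000037, 1000039), (1000081, 1000099)]


def make_keypair(p, q, e=E):
    """Return (public, private) dicts for textbook RSA with modulus p*q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return {"n": n, "e": e}, {"n": n, "d": d}


def key_selector(pub):
    """Short identifier derived from the bare public key (n, e).

    Hash of a fixed-width encoding, truncated to SELECTOR_LEN bytes, in the
    spirit of a key ID: enough to tell the recipient's keys apart, not a
    certificate and not proof of ownership."""
    enc = pub["n"].to_bytes(16, "big") + pub["e"].to_bytes(4, "big")
    return hashlib.sha256(enc).digest()[:SELECTOR_LEN]


def encrypt(pub, plaintext):
    """Selector || ciphertext blocks. Identity was verified before this call."""
    pad = BLOCK - (len(plaintext) % BLOCK)        # PKCS#7-style padding
    padded = plaintext + bytes([pad]) * pad
    out = bytearray(key_selector(pub))
    for i in range(0, len(padded), BLOCK):
        m = int.from_bytes(padded[i:i + BLOCK], "big")
        c = pow(m, pub["e"], pub["n"])
        out += c.to_bytes(CIPHER_BLOCK, "big")
    return bytes(out)


def decrypt(keyring, message):
    """keyring maps selector -> private key; pick the key the sender used."""
    selector, body = message[:SELECTOR_LEN], message[SELECTOR_LEN:]
    priv = keyring.get(selector)
    if priv is None:
        raise KeyError("no private key matches selector %s" % selector.hex())
    if not body or len(body) % CIPHER_BLOCK:
        raise ValueError("truncated ciphertext")
    out = bytearray()
    for i in range(0, len(body), CIPHER_BLOCK):
        c = int.from_bytes(body[i:i + CIPHER_BLOCK], "big")
        m = pow(c, priv["d"], priv["n"])
        if m >= 1 << (8 * BLOCK):                 # cannot be a valid block
            raise ValueError("corrupt ciphertext block")
        out += m.to_bytes(BLOCK, "big")
    pad = out[-1]
    if not 1 <= pad <= BLOCK or out[-pad:] != bytes([pad]) * pad:
        raise ValueError("bad padding")
    return bytes(out[:-pad])


def build_keyring(prime_pairs):
    """Recipient side: index every private key by its public key's selector."""
    keyring, pubs = {}, []
    for p, q in prime_pairs:
        pub, priv = make_keypair(p, q)
        keyring[key_selector(pub)] = priv
        pubs.append(pub)
    return keyring, pubs


def demo():
    keyring, pubs = build_keyring(RECIPIENT_PRIMES)
    # Sender has (out of band) verified that pubs[1] is the recipient's key,
    # so the message carries only the selector, not a certificate.
    msg = encrypt(pubs[1], b"deep dark secret")
    return decrypt(keyring, msg)


if __name__ == "__main__":
    print(demo())
```

The selector is the only key-related data on the wire, which is the point of the reply: the certificate was consumed by the sender's verification step, and the recipient needs just enough to choose among its own keys. A selector for a key the recipient does not hold is reported as a lookup failure rather than silently tried against every key.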