Here is an excerpt from the first example in the current MIME/PEM draft.

Content-Type: application/pem-signature
Content-ID: <21436.785186814.1@tis.com>
Content-Transfer-Encoding: quoted-printable

Version: 5
Originator-ID: PK,MHkwCgYEVQgBAQICAwADawAwaAJhAMAHQ45ywA357G4fqQ61aoC1fO6B=
ekJmG4475mJkwGIUxvDkwuxe/EFdPkXDGBxzdGrW1iuh5K8kl8KRGJ9wh1HU4TrghGdhn0Lw8g=
G67Dmb5cBhY9DGwq0CDnrpKZV3cQIDAQAB,EN,2,galvin@tis.com
MIC-Info: RSA-MD5,RSA,PnEvyFV3sSyTSiGh/HFgWUIFa22jbHoTrFIMVERfMZXUKzFsHbmK=
tIowJlJR56OoImo+t7WjRfzpMH7MOKgPgzRnTwk0T5dOcP/lfbsOVJjleV7vTe9yoNp2P8mi/h=
s7

In the Originator-ID, *both* the public key and the key selector
(which is supposed to be for hiding the public key) are provided.
This is the kind of thing that suggests a great deal of confusion over
what the key selector is for. The draft doesn't give me any help as
an implementor about what I'm supposed to do with such a construct.
If the key selector is really for hiding the public key, then what is
the sense of a syntax which has both the public key and the key
selector? The only thing I can surmise is that this is some sort of
implicit certification request and that my application is supposed to
allow the recipient to authenticate the name/key binding and use the
key selector henceforth. But then the originator has already spilled
the beans by transmitting the public key. And what is a certification
request doing in the Originator-ID anyway??? Isn't that what the
application/pemkey-data is for?
I still think the public key is good enough as the Originator-ID. But
if that doesn't happen, I would expect the syntax to be cleaned up so
you don't end up with both a public key and a key selector in the same
identifier. The authors may have created this construct to be reused
in conveying certification information in the application/pemkey-data,
but it shouldn't be in the Originator-ID. I can't figure out what my
application is possibly supposed to do with such a thing. I would
expect the syntax for PK, used as an Originator-ID, to be more like:

<id-publickey> ::= "PK" "," <publickey> [ "," <name-subset> ] CRLF
<name-subset> ::=
( "EN" "," <emailstr> ) / ( "STR" "," <string> ) / ( "DN" "," <dnamestr> )

- Jeff
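Added example, not part of the message above or of the MIME/PEM draft: a small Python parser that decodes a quoted-printable signature block (joining the soft line breaks that split the long Originator-ID and MIC-Info values), then parses the PK Originator-ID under both syntaxes, the draft's as laid out in the excerpt and the one proposed at the end of the message, and lists which of the message's objections apply. Assumptions: the key and signature material in the sample are constructed placeholders; the "2" between "EN" and the e-mail address in the excerpt is taken to be the key selector, a position read off that single example rather than the draft's grammar; EN names are checked as simple e-mail addresses, while STR and DN names are taken as-is.

```python
import quopri
import re

# Constructed sample in the shape of the excerpt: a quoted-printable encoded
# application/pem-signature body whose long fields are split with soft line
# breaks ("=" at end of line). The key and signature material are placeholders.
DRAFT_SAMPLE_QP = (
    "Version: 5\n"
    "Originator-ID: PK,AAAAplaceholderPublicKeyPartOne=\n"
    "placeholderPublicKeyPartTwo,EN,2,galvin@tis.com\n"
    "MIC-Info: RSA-MD5,RSA,placeholderSignaturePartOne=\n"
    "placeholderSignaturePartTwo\n"
)

NAME_FORMS = ("EN", "STR", "DN")
BASE64_RE = re.compile(r"[A-Za-z0-9+/]+=*")
EMAIL_RE = re.compile(r"[^@,\s]+@[^@,\s]+")


def decode_headers(qp_text):
    """Undo the quoted-printable encoding (which joins the soft line breaks)
    and split the result into a {field-name: value} map."""
    decoded = quopri.decodestring(qp_text.encode("ascii")).decode("ascii")
    headers = {}
    for line in decoded.splitlines():
        if not line.strip():
            continue
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    return headers


def _check_name(form, name):
    # Only the EN form gets a syntax check here; STR and DN are taken as-is.
    if form == "EN" and not EMAIL_RE.fullmatch(name):
        raise ValueError("EN name is not an e-mail address: %r" % name)


def parse_pk_draft(value):
    """PK identifier laid out as in the draft's example:
         PK,<publickey>,<name-form>,<keysel>,<name>
    Assumption: the "2" in the excerpt is the key selector; this position is
    read off that single example, not taken from the draft's grammar."""
    parts = value.split(",", 4)
    if len(parts) != 5 or parts[0] != "PK" or parts[2] not in NAME_FORMS:
        raise ValueError("not a draft-style PK Originator-ID: %r" % value)
    if not BASE64_RE.fullmatch(parts[1]):
        raise ValueError("public key is not base64 text")
    _check_name(parts[2], parts[4])
    return {"publickey": parts[1], "name_form": parts[2],
            "keysel": parts[3], "name": parts[4]}


def parse_pk_proposed(value):
    """PK identifier in the syntax proposed at the end of the message:
         PK,<publickey>[,<name-form>,<name>]
    There is no place for a key selector, so a draft-style value is rejected
    (its "2,galvin@tis.com" tail is not a valid EN name)."""
    parts = value.split(",", 3)
    if len(parts) not in (2, 4) or parts[0] != "PK":
        raise ValueError("not a proposed-style PK Originator-ID: %r" % value)
    if not BASE64_RE.fullmatch(parts[1]):
        raise ValueError("public key is not base64 text")
    parsed = {"publickey": parts[1], "name_form": None, "keysel": None, "name": None}
    if len(parts) == 4:
        if parts[2] not in NAME_FORMS:
            raise ValueError("unknown name form: %r" % parts[2])
        _check_name(parts[2], parts[3])
        parsed["name_form"], parsed["name"] = parts[2], parts[3]
    return parsed


def findings(parsed):
    """List the points raised in the message that apply to one parsed ID."""
    out = []
    if parsed["keysel"] is not None:
        out.append("key selector sent alongside the public key it is meant to hide")
    if parsed["name_form"] is None:
        out.append("no name bound to the key; the recipient can only match the raw key")
    return out


if __name__ == "__main__":
    headers = decode_headers(DRAFT_SAMPLE_QP)
    draft_id = parse_pk_draft(headers["Originator-ID"])
    print("draft form:", draft_id, findings(draft_id))
    proposed_id = parse_pk_proposed("PK,AAAAplaceholderPublicKey,EN,galvin@tis.com")
    print("proposed form:", proposed_id, findings(proposed_id))
```

Running it shows the draft-style value parsing with both a public key and the selector "2", which is exactly the combination the message objects to, while the same value is rejected outright by the proposed grammar because nothing in it can absorb the extra field.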