I would like to make an informal survey so we know what concerns we
are really addressing. I especially ask for response from people who
have been vocal in favor of the key selector: warlord(_at_)mit(_dot_)edu,
rhys(_at_)fit(_dot_)qut(_dot_)edu(_dot_)au, wford(_at_)bnr(_dot_)ca,
williams(_at_)atlas(_dot_)arc(_dot_)nasa(_dot_)gov,
perry(_at_)snark(_dot_)imsi(_dot_)com, vitor(_at_)uminho(_dot_)pt,
galvin(_at_)tis(_dot_)com(_dot_)
1. Do you want the key selector because it hides the public key so
that people cannot factor the modulus?
No. (I believe that any system which depends for its security upon
keeping public keys secret is heading off on a shaky course.)
3. Do you want the key selector because it wards off traffic analysis
so that the identities of the originators and recipients can be
concealed?
No. Not a service goal.
I want key selectors because they serve to identify one key from many owned by
the same entity either at the same time or over periods of time. In products
supporting key life cycle management, we always have key selectors - they are
essential for purposes such as archive and audit management. Ideally, the key
selector also accompanies each instance of use of the key, to serve as an index
to find the right key. In public-key systems it is sometimes possible to avoid
using such selectors, making use of dates, or the public key value itself, to
find the right key. However, dates are problematical because of overlapping
periods of key usage and because dates are not always reliably known. In
theory, the public-key value is adequate, but in practice this value (or a hash
thereof) is not a good database index (too big, if uniqueness is to be
assured).
For example, simply assigning monotonically increasing numbers to the sequence
of keys for one entity, then storing key records sorted by key selector, gives
a
much cleaner and efficient implementation.
We have introduced Key Identifier as a new field in the X.509 v3 certificate
for
this purpose. It seems to me that exactly the same value could be conveyed in
the key selector of MIME-PEM. That way the right public key can always be
readily found, regardless of whether or not a copy of the key or a certificate
accompanies the message.
Warwick