Ned;
Sorry if I wasn't clear. Let me try once more.
I question the utility of transmitting an unverified public key
along with a name in a signature.
Based on the grammar in the MIME-PEM spec, I assume the contents of
application/pemkey-data for PK would be as follows:
Version:5
Key:PK, MHkwCgYEVQgBAQICAwADawAwaAJhAMAHQ45ywA357G4fqQ61aoC1fO6B=
ekJmG4475mJkwGIUxvDkwuxe/EFdPkXDGBxzdGrW1iuh5K8kl8KRGJ9wh1HU4TrghGdhn0Lw8g=
G67Dmb5cBhY9DGwq0CDnrpKZV3cQIDAQAB,EN,2,galvin(_at_)tis(_dot_)com
This association would then be verified by the recipient and kept for
subsequent use. I agree this is reasonable procedure. I don't propose
any changes to this.
Application/pem-signature with a public key identifier contains the
following:
Version: 5
Originator-ID: PK,MHkwCgYEVQgBAQICAwADawAwaAJhAMAHQ45ywA357G4fqQ61aoC1fO6B=
ekJmG4475mJkwGIUxvDkwuxe/EFdPkXDGBxzdGrW1iuh5K8kl8KRGJ9wh1HU4TrghGdhn0Lw8g=
G67Dmb5cBhY9DGwq0CDnrpKZV3cQIDAQAB,EN,2,galvin(_at_)tis(_dot_)com
The MIME-PEM document cautions against use of an unverified public key
received in this manner.
Given that, my proposal is to not allow the public key to be transferred in
this way as part of the pem-signature data.
Instead, use only the other identifiers such as email name:
Originator-ID:EN,2,galvin(_at_)tis(_dot_)com
Where email name would be used to find the public key. If a sender wanted
to send a public key along with a signed message, relegate it to
pemkey-data. Then the recipient can decide to verify the public key or accept
it unverified. This is preferable to sending a possibly incorrect key/name
in the signature data.
Along similar lines, some have suggested not transmitting names to prevent
traffic analysis. Others have suggested a public key hash to prevent
factoring the modulus. I assume that means the Originator-ID would then
have either a public-key hash or a public-key hash/name combination as has
been suggested.
The attraction of the public key hash by itself is that it's a convenient
handle for retrieving a public key/identifier from a table.
Business and personal stuff require me to be unavailable for the next
couple of weeks so thanks to everyone for their responses to my questions
etc. and ... Happy New Year.
Phil
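The following is an added example, not part of Phil's message and not code from the MIME-PEM specification, that models the policy the message proposes on the recipient side: a pem-signature may name its originator only by an EN (email name) identifier, any inline PK in the signature is rejected rather than trusted, and a key/name association arriving in pemkey-data is held as unverified until the recipient chooses to verify it, after which it is indexed both by email name and by a key-hash handle. The identifier grammar (PK followed by one value, EN followed by two) is assumed from the examples quoted above, SHA-256 is an assumed choice for the hash handle, the key bytes are constructed, and the keystore is a plain dict standing in for whatever table a real implementation would use.

```python
import base64
import hashlib

# Constructed sample key material (not the key quoted in the message).
SAMPLE_KEY_B64 = base64.b64encode(b"constructed-example-public-key-bytes").decode()

ADDR = "galvin(_at_)tis(_dot_)com"

# Constructed application/pem-signature body in the proposed form: EN identifier only.
SIGNATURE_OK = "Version: 5\nOriginator-ID: EN,2," + ADDR + "\n"
# The form the proposal argues against: an unverified public key inline in the signature.
SIGNATURE_WITH_PK = "Version: 5\nOriginator-ID: PK," + SAMPLE_KEY_B64 + ",EN,2," + ADDR + "\n"
# Constructed application/pemkey-data body carrying the same key/name association.
PEMKEY_DATA = "Version: 5\nKey: PK," + SAMPLE_KEY_B64 + ",EN,2," + ADDR + "\n"


def parse_fields(body):
    """Split a 'Name: value' header block into a dict; indented continuation lines are joined."""
    fields, last = {}, None
    for raw in body.splitlines():
        if not raw.strip():
            continue
        if raw[0] in " \t" and last is not None:
            fields[last] += raw.strip()
            continue
        name, _, value = raw.partition(":")
        last = name.strip()
        fields[last] = value.strip()
    return fields


def parse_identifiers(value):
    """Parse a comma-separated identifier list such as 'PK,<key>,EN,2,<addr>'.
    Assumption (from the quoted examples): PK carries one value field, EN carries two."""
    tokens = [t.strip() for t in value.split(",")]
    ids, i = [], 0
    while i < len(tokens):
        kind = tokens[i]
        width = {"PK": 1, "EN": 2}.get(kind)
        if width is None or i + width >= len(tokens):
            raise ValueError("malformed identifier list near %r" % kind)
        ids.append((kind,) + tuple(tokens[i + 1:i + 1 + width]))
        i += 1 + width
    return ids


def key_handle(key_b64):
    """Hash of the key bytes: the compact table handle the message mentions (SHA-256 assumed)."""
    return hashlib.sha256(base64.b64decode(key_b64)).hexdigest()


def originator_from_signature(sig_body):
    """Apply the proposed rule: a pem-signature names its originator by EN only.
    An inline PK is refused instead of being accepted unverified."""
    ids = parse_identifiers(parse_fields(sig_body)["Originator-ID"])
    if any(i[0] == "PK" for i in ids):
        raise ValueError("public key not allowed in pem-signature; send it in pemkey-data")
    return ids


def lookup_key(ids, keystore):
    """Resolve the EN identifier to a previously verified key; None if the name is unknown."""
    for i in ids:
        if i[0] == "EN":
            return keystore.get(i[2])
    return None


def receive_pemkey_data(body, pending):
    """Record the key/name association from pemkey-data as unverified; the recipient
    decides later whether to verify it before it enters the trusted keystore."""
    ids = parse_identifiers(parse_fields(body)["Key"])
    pk = next(i[1] for i in ids if i[0] == "PK")
    addr = next(i[2] for i in ids if i[0] == "EN")
    pending[addr] = {"key": pk, "handle": key_handle(pk), "verified": False}
    return pending[addr]


def promote(addr, pending, keystore):
    """Out-of-band verification succeeded: move the association into the trusted
    table, indexed both by email name and by key-hash handle."""
    entry = pending.pop(addr)
    keystore[addr] = entry["key"]
    keystore[entry["handle"]] = entry["key"]
    return keystore


if __name__ == "__main__":
    keystore, pending = {}, {}
    receive_pemkey_data(PEMKEY_DATA, pending)
    promote(ADDR, pending, keystore)
    ids = originator_from_signature(SIGNATURE_OK)
    print("key resolved by email name:", lookup_key(ids, keystore) == SAMPLE_KEY_B64)
```

A signed message whose Originator-ID names an address that is not yet in the keystore resolves to None, which is the recipient's cue to fetch or verify the key out of band rather than to trust anything carried in the signature itself.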