pem-dev

Re: RIPEM details

1995-01-21 22:55:00
I'm a little behind here due to holidays, so bear with this late reply.

On Fri, 13 Jan 1995, Jeff Thompson wrote:

> Are you saying you are going to use the key selector to encode the
> device number of the smart card and where in the smart card the key is
> to be found? (!)

No, because I won't be supporting smart cards in the near future. :-) I
don't care whether one uses device numbers, letters of the alphabet, or
"the pink one with the picture of the President on it".  My original
response was to people who wanted to do away with key selectors and do
away with using the public key as a selector and not identifying the key
in any way whatsoever. 

The claim was that "try everything until one works" was a valid method to
determine which key was used to sign or encrypt.  It is valid technically,
but not practically.  Trying all smart cards until one works is going to
be a very long-winded process which the user will get sick of very
quickly.  Especially if she receives hundreds of encrypted e-mail messages
per day for a dozen different roles (assuming each role has a different
smart card). 

The key selector (even if only a public key or digest of a public key)
allows the UA to say "insert the pink one with the picture of the
President on it" after looking up a local database which maps key
selectors to actual smart cards.  Choose whatever representation you want
for the selector, taking into account the sensitivity of certain values. 
As long as you choose _something_.  It is a local matter.

Cheers,

Rhys.
-- 
Rhys Weatherley, Queensland University of Technology, Brisbane, Australia.
E-mail: rhys(_at_)fit(_dot_)qut(_dot_)edu(_dot_)au  "net.maturity is knowing 
when NOT to followup"

