help-gnutls

Re: "known in advance" public key authentication?


From: Daniel Kahn Gillmor
Subject: Re: "known in advance" public key authentication?
Date: Wed, 07 Nov 2012 12:11:14 -0500
User-agent: Mozilla/5.0 (X11; Linux i686; rv:10.0.10) Gecko/20121028 Icedove/10.0.10

On 11/07/2012 11:32 AM, Ivan Shmakov wrote:
>       To put it short, the application in question uses
>       “self-certified identifiers”; i. e., the public key /is/ the
>       identifier of the peer.  Thus, there doesn't seem to be any
>       reason whatsoever to sign the public keys used, and both X.509
>       and OpenPGP hence become of little use.

yes, understood.  Given the ubiquity of these certificate formats, the
simplest thing for you to do with your application is to treat the
certificate format as a (bulky, overcomplicated) container format for
your public key material.

Self-signed certificates (or even un-signed certificates with a bogus
signing mechanism) are perfectly capable of transporting public key
material.

        --dkg

Attachment: signature.asc
Description: OpenPGP digital signature
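
The container approach described in the message above, as an added example that is not part of the original post and does not use the GnuTLS API: the receiver pulls the SubjectPublicKeyInfo out of whatever certificate the peer presents and derives the peer's identifier from that alone, so the signature bytes never matter. Assumptions: the identifier is taken to be SHA-256 over the key element, all function names are hypothetical, and the certificate is a constructed sample built inline with a made-up 32-byte key.

```python
import hashlib

def tlv(tag, value):  # DER encoder, needed only to build the sample below
    n = len(value)
    size = (n.bit_length() + 7) // 8
    length = [n] if n < 0x80 else [0x80 | size, *n.to_bytes(size, "big")]
    return bytes([tag, *length]) + value

def read_tlv(data, off, limit):
    """Parse one DER element within data[off:limit]; return (tag, value_start, end)."""
    if off + 2 > limit:
        raise ValueError("truncated header")
    tag, length, off = data[off], data[off + 1], off + 2
    if length >= 0x80:  # long form: low seven bits give the length's byte count
        n = length & 0x7F
        if not 1 <= n <= 4 or off + n > limit:
            raise ValueError("unsupported length")
        length, off = int.from_bytes(data[off:off + n], "big"), off + n
    if off + length > limit:
        raise ValueError("element overruns its container")
    return tag, off, off + length

def spki_from_cert(der):
    """Return the SubjectPublicKeyInfo element; the signature is never examined."""
    tag, pos, end = read_tlv(der, 0, len(der))  # Certificate
    tag2, pos, end = read_tlv(der, pos, end)    # tbsCertificate
    fields = []
    while pos < end:
        t, _, nxt = read_tlv(der, pos, end)
        fields.append((t, der[pos:nxt]))
        pos = nxt
    if fields and fields[0][0] == 0xA0:         # optional [0] version
        fields.pop(0)
    # what remains: serial, signature alg, issuer, validity, subject, key
    if (tag, tag2) != (0x30, 0x30) or len(fields) < 6 or fields[5][0] != 0x30:
        raise ValueError("no subjectPublicKeyInfo found")
    return fields[5][1]

def peer_id(der):
    """Assumed identifier scheme: SHA-256 over the key element, not the certificate."""
    return hashlib.sha256(spki_from_cert(der)).hexdigest()

def sample_cert(key, sig=bytes(64)):
    """Constructed input: minimal certificate carrying key, with a bogus signature."""
    alg = tlv(0x30, tlv(0x06, b"\x2b\x65\x70"))  # OID 1.3.101.112 (Ed25519)
    name, when = tlv(0x30, b""), tlv(0x17, b"121107000000Z")
    spki = tlv(0x30, alg + tlv(0x03, b"\x00" + key))
    tbs = [tlv(0xA0, tlv(0x02, b"\x02")), tlv(0x02, b"\x01"), alg, name,
           tlv(0x30, when + when), name, spki]
    return tlv(0x30, tlv(0x30, b"".join(tbs)) + alg + tlv(0x03, b"\x00" + sig))
```

Two certificates that carry the same key but different signature bytes produce the same peer_id, and the receiver accepts the peer only when that value equals the identifier it already holds.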

