> On 02.04.2015 at 19:12, Viktor Dukhovni <ietf-d...@dukhovni.org> wrote:
>
> On Thu, Apr 02, 2015 at 06:52:33PM +0200, Christian Rößner wrote:
>
>>> libsmaug uses these labels (as well as our soon-to-be available
>>> provisioning portal).
>>
>> Just a question for ._encr and ._sign:
>>
>> Do you really plan to store private keys in public DNS? Is it, what ._sign
>> will be used for? Isn't this really a security issue?
>
> No they are public keys in both cases. Some public keys are for
> signing only, others are for encryption (which means that they can
> receive encrypted content).

Ok, seems I have to learn a lot more about security. I always thought that a pair of keys consists of one public key and one private key and that the public key is distributed for those who want to encrypt mail and that the private key is used for decryption. On the other hand, using that private key for signing mails and giving others the chance to verify with the published public key.

Is that wrong thinking? I never knew that you can use a public key for signing. Or at least I never tried.

Sorry, if I ask :-)

Christian

_______________________________________________
dane mailing list
dane@ietf.org
https://www.ietf.org/mailman/listinfo/dane