On Sep 18, 2014, at 8:57 AM, David R Oran <daveo...@orandom.net> wrote:

> 
> On Sep 18, 2014, at 11:46 AM, Rene Struik <rstruik....@gmail.com> wrote:
> 
>> It seems that the cryptographic literature needs to be rewritten now ...
>> 
>> ==
>> Anything you can do with a cert, you can do with raw public keys, and you 
>> don't need CA's. See RFC4871 for an example.
> I would have thought it was the opposite:
> anything you can do with raw keys you can do with certificates.
> 
> Raw keys cannot prove an assertion that a certain claimed name is bound to a 
> certain key. In the case of self-signed certs you only get the advantages of 
> having a data structure and code that is understood and well vetted, but with 
> either a PKI or a web of trust you do get benefits from using Certs. You also 
> get usage policy restrictions, which cannot be expressed with raw keys.

Agreed and this whole discussion is déjà vu all over again for me, and no 
longer very interesting.  What's more important than the container is how keys 
come to get authorized or rejected, what authorization "means" and how to 
revoke it, do an on-line test, etc.  

As someone on this thread has asked:  Has any of this been written down?  
Requirements, use cases, threat analysis should all help to inform our decision 
about what format to use.

Mark

> 
>> 
>> On 9/18/2014 11:36 AM, Michael Thomas wrote:
>>> On 09/18/2014 08:31 AM, Markus Stenberg wrote:
>>>> whether your authorization policy is leap of faithy, or strict ’these are 
>>>> the authorized CAs/individual certs’, there is no way to express same 
>>>> things with raw public keys (or you wind up with new X509, which is in 
>>>> nobody’s best interest).
>>>> 
>>> 
>>> 
>>> 
>>> Mike
>>> 
>>> _______________________________________________
>>> homenet mailing list
>>> homenet@ietf.org
>>> https://www.ietf.org/mailman/listinfo/homenet
>> 
>> 
>> -- 
>> email: rstruik....@gmail.com | Skype: rstruik
>> cell: +1 (647) 867-5658 | US: +1 (415) 690-7363
>> 

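The distinction the quoted replies draw (a certificate carries a name binding and a usage restriction vouched for by an issuer's signature; a raw public key carries neither, so any authorization has to live in the verifier's own state) can be made concrete with Go's standard crypto/x509 package. The following is an added example written for this page; it is not code from the thread or from any of its participants. It assumes a constructed CA, the placeholder host name router.example.home, and a leap-of-faith pin store modelled as a map; all of those names are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// hostName is a constructed placeholder for a home-network device.
const hostName = "router.example.home"

// CertBundle holds the constructed example PKI: one CA, one leaf certificate
// for the hypothetical router, and the leaf's bare public key.
type CertBundle struct {
	Root    *x509.Certificate
	Leaf    *x509.Certificate
	LeafPub *ecdsa.PublicKey
}

// BuildBundle generates a CA and issues a leaf certificate that binds hostName
// to the leaf key and restricts that key to TLS server use. The issuer's
// signature is what carries both the name binding and the usage policy.
func BuildBundle() (*CertBundle, error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, err }
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Home CA"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil { return nil, err }
	root, err := x509.ParseCertificate(caDER)
	if err != nil { return nil, err }
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, err }
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: hostName},
		DNSNames:     []string{hostName}, // the name binding
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, // the usage policy
	}
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, root, &leafKey.PublicKey, caKey)
	if err != nil { return nil, err }
	leaf, err := x509.ParseCertificate(leafDER)
	if err != nil { return nil, err }
	return &CertBundle{Root: root, Leaf: leaf, LeafPub: &leafKey.PublicKey}, nil
}

// VerifyFor asks the certificate the two questions a raw key cannot answer:
// is this key bound to name by an issuer I trust, and may it be used for
// usage? A nil error means both hold; a wrong name or usage is rejected.
func (b *CertBundle) VerifyFor(name string, usage x509.ExtKeyUsage) error {
	roots := x509.NewCertPool()
	roots.AddCert(b.Root)
	_, err := b.Leaf.Verify(x509.VerifyOptions{
		DNSName:   name,
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{usage},
	})
	return err
}

// PinKey is the out-of-band authorization step that raw keys require (first
// contact, QR code, manual entry): the name-to-key binding is written into
// the verifier's own state. The pin store is modelled as a map here.
func PinKey(pins map[string][]byte, name string, pub *ecdsa.PublicKey) error {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil { return err }
	pins[name] = der
	return nil
}

// RawKeyAuthorized is the raw-key counterpart of VerifyFor: with no
// certificate there is nothing to check except equality with a pinned key,
// and no usage restriction can be expressed or enforced at all.
func RawKeyAuthorized(pins map[string][]byte, name string, pub *ecdsa.PublicKey) (bool, error) {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil { return false, err }
	want, ok := pins[name]
	return ok && bytes.Equal(want, der), nil
}

func main() {
	b, err := BuildBundle()
	if err != nil { panic(err) }
	fmt.Println("cert, right name and usage:", b.VerifyFor(hostName, x509.ExtKeyUsageServerAuth))
	fmt.Println("cert, wrong name:", b.VerifyFor("printer.example.home", x509.ExtKeyUsageServerAuth))
	fmt.Println("cert, wrong usage:", b.VerifyFor(hostName, x509.ExtKeyUsageClientAuth))
	pins := map[string][]byte{}
	ok, _ := RawKeyAuthorized(pins, hostName, b.LeafPub)
	fmt.Println("raw key before pinning:", ok)
	_ = PinKey(pins, hostName, b.LeafPub)
	ok, _ = RawKeyAuthorized(pins, hostName, b.LeafPub)
	fmt.Println("raw key after pinning:", ok)
}
```

Run with `go run`: the certificate path accepts the right name and usage and rejects a different name or a different extended key usage, because those assertions are inside the signed structure. The raw-key path can only answer "is this the key I pinned for that name", and the pinning step itself is exactly the "how keys come to get authorized" question raised above, which a raw-key format leaves entirely to the verifier.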