On 8/6/11 7:43 AM, "Leif Johansson" <[email protected]> wrote:

> So in that case I still support having the spec explain (very carefully)
> how you do "raw keys" - i.e. keys with no intrinsic semantics - and then
> also adding the cryptographer's caveat to that.

To be clear, when I was talking about raw keys, I didn't mean keys with no intrinsic semantics. I just meant something along the lines of PKCS1; a modulus, an exponent, some algorithm info, and that's about it (I'd be ok with defining private keys in the same format as well). It would have defined semantics, it just wouldn't be tied to an identity.

A definite goal for me that is NOT met by PKCS1 however, is to *limit* the choices and extensibility in certain directions to reduce the overall complexity.

Of course, once you've got primitives for sign and encrypt and you've got a key format, doing something like PKIX is possible. Perhaps we could sketch that out as potential follow-on work in the charter, so we can make progress on some of the shorter-term stuff first?

--
Joe Hildebrand
