W3C home > Mailing lists > Public > public-xg-webid@w3.org > February 2011

Re: [keyassure] publishing the public key

From: Stephen Kent <kent@bbn.com>
Date: Tue, 22 Feb 2011 19:56:55 -0500
Message-Id: <p06240803c98a0b49a5f9@[169.223.137.111]>
To: Henry Story <henry.story@bblfish.net>
Cc: WebID Incubator Group WG <public-xg-webid@w3.org>, keyassure@ietf.org
At 10:17 AM +0100 2/22/11, Henry Story wrote:
>...
>  >
>>  I don't think that most users, who often can't even tell if they 
>>have contacted a TLS-secured site, would think of a public key as 
>>part of the identity for the service. I also don't think that most 
>>of them think about the port either.
>
>I was not speaking to most users but to this group of security 
>specialists during a discussion on a protocol. The public key is a 
>definite description that uniquely identifies the agent for the 
>purpose of computers, not for the general public.

The context you envisioned was not clear from your statement. a 
public key can be a UID for an object, but I'd hesitate to call it 
descriptive.

>...
>
>I am aware of symmetric cryptography's role. But it is public key 
>cryptography that is core in authenticating the server, and setting 
>up the symmetric crypto channel. Symmetric cryptography is used 
>because it is less cpu intensive.

I think it best to be precise when discussing what one would like
to see become a standard.

Steve
Received on Wednesday, 23 February 2011 02:14:38 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:06:22 UTC