SymKey/PubKey/Cert - 3 "Parallel Universes"

It seems to me that the WebCrypto approach leads to duplication of things that are already available in certificates such as Validity, Subject Attributes and Fingerprints.

Just for your information it might be interesting (?) to know that the scheme used in SKS (Secure Key Store) makes these three key-types only differ on secret/private key data.

This has pretty far-reaching consequences for the rest of the system like GUIs, Search Filters, and Key-Management. AFAIK few systems out there are able to deal with raw public keys only, so you probably do yourself a favor by always representing them locally as certificates.

Note: this discussion is only relevant for persistent keys; session keys (IMO) do not need any attributes, an opaque handle suffices.

Anders

Received on Thursday, 16 August 2012 06:26:20 UTC