Re: SymKey/PubKey/Cert - 3 "Parallel Universes"

On Wed, Aug 15, 2012 at 11:24 PM, Anders Rundgren
<anders.rundgren@telia.com> wrote:
> It seems to me that the WebCrypto approach leads to duplication of things that are already available in certificates such as Validity, Subject Attributes and Fingerprints.

This is no different than the existing approaches in PKCS#11 or CDSA,
and reflects the general desire for the use of keys independent of
certificates.

While I realize that some schemes propose to unify all objects as
such, and such approaches will work within the proposed API, there is
not consensus to limit the scope to just such an API. Further, doing
so would prevent some of the chartered tasks from being accomplished.

>
> Just for your information it might be interesting (?) to know that the scheme used in SKS (Secure Key Store) makes these three key-types only differ on secret/private key data.
>
> This has pretty far-fetching consequences for the rest of the system like GUIs, Search Filters, and Key-Management.  AFAIK few systems out there are able to deal with raw public keys only so you probably do yourself a favor by always representing them locally as certificates.

Thank you for your opinion. This is not something that reflects the
use cases or charter goals.

>
> Note: this discussion is only relevant for persistent keys; session keys (IMO) do not need any attributes, an opaque handle suffices.
>
> Anders
>

Received on Thursday, 16 August 2012 18:11:17 UTC