Re: [keyassure] publishing the public key

At 10:17 AM +0100 2/22/11, Henry Story wrote:
>  >
>>  I don't think that most users, who often can't even tell if they 
>>have contacted a TLS-secured site, would think of a public key as 
>>part of the identity for the service. I also don't think that most 
>>of them think about the port either.
>I was not speaking to most users but to this group of security 
>specialists during a discussion on a protocol. The public key is a 
>definite description that uniquely identifies the agent for the 
>purpose of computers, not for the general public.

The context you envisioned was not clear from your statement. a 
public key can be a UID for an object, but I'd hesitate to call it 

>I am aware of symmetric cryptography's role. But it is public key 
>cryptography that is core in authenticating the server, and setting 
>up the symmetric crypto channel. Symmetric cryptography is used 
>because it is less cpu intensive.

I think it best to be precise when discussing what one would like
to see become a standard.


Received on Wednesday, 23 February 2011 02:14:38 UTC