- From: Stephen Kent <kent@bbn.com>
- Date: Tue, 22 Feb 2011 19:56:55 -0500
- To: Henry Story <henry.story@bblfish.net>
- Cc: WebID Incubator Group WG <public-xg-webid@w3.org>, keyassure@ietf.org
At 10:17 AM +0100 2/22/11, Henry Story wrote: >... > > >> I don't think that most users, who often can't even tell if they >>have contacted a TLS-secured site, would think of a public key as >>part of the identity for the service. I also don't think that most >>of them think about the port either. > >I was not speaking to most users but to this group of security >specialists during a discussion on a protocol. The public key is a >definite description that uniquely identifies the agent for the >purpose of computers, not for the general public. The context you envisioned was not clear from your statement. a public key can be a UID for an object, but I'd hesitate to call it descriptive. >... > >I am aware of symmetric cryptography's role. But it is public key >cryptography that is core in authenticating the server, and setting >up the symmetric crypto channel. Symmetric cryptography is used >because it is less cpu intensive. I think it best to be precise when discussing what one would like to see become a standard. Steve
Received on Wednesday, 23 February 2011 02:14:38 UTC