Re: [woes] Naked Public Key, was: RE: Proposed charter, post-Quebec edition

Joe Hildebrand <> Sat, 06 August 2011 19:29 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id ED34321F866A for <>; Sat, 6 Aug 2011 12:29:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id NxOKakGha4Q8 for <>; Sat, 6 Aug 2011 12:29:51 -0700 (PDT)
Received: from ( []) by (Postfix) with SMTP id 6E71021F85B5 for <>; Sat, 6 Aug 2011 12:29:51 -0700 (PDT)
Received: from SRV-EXSC03.webex.local ([]) by with Microsoft SMTPSVC(6.0.3790.4675); Sat, 6 Aug 2011 12:30:11 -0700
Received: from ([]) by SRV-EXSC03.webex.local ([]) with Microsoft Exchange Server HTTP-DAV ; Sat, 6 Aug 2011 19:30:11 +0000
User-Agent: Microsoft-Entourage/
Date: Sat, 06 Aug 2011 13:30:08 -0400
From: Joe Hildebrand <>
To: Leif Johansson <>, Eric Rescorla <>
Message-ID: <>
Thread-Topic: [woes] Naked Public Key, was: RE: Proposed charter, post-Quebec edition
Thread-Index: AcxUb0ATTo5ioJnNXkaPprNd5Mo5uQ==
In-Reply-To: <>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
X-OriginalArrivalTime: 06 Aug 2011 19:30:11.0579 (UTC) FILETIME=[42353CB0:01CC546F]
Cc: "" <>
Subject: Re: [woes] Naked Public Key, was: RE: Proposed charter, post-Quebec edition
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Web Object Encryption and Signing \(woes\) BOF discussion list" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 06 Aug 2011 19:29:52 -0000

On 8/6/11 7:43 AM, "Leif Johansson" <> wrote:

> So in that case I still support having the spec explain (very carefully)
> how you do "raw keys" - i.e keys with no intrinsic semantics - and then
> also adding the cryptographers caveat to that.

To be clear, when I was talking about raw keys, I didn't mean keys with no
intrinsic semantics.  I just meant something along the lines of PKCS1; a
modulus, an exponent, some algorithm info, and that's about it (I'd be ok
with defining private keys in the same format as well).  It would have
defined semantic, it just wouldn't be tied to an identity.

A definite goal for me that is NOT met by PKCS1 however, is to *limit* the
choices and extensibility in certain directions to reduce the overall

Of course, once you've got primitives for sign and encrypt and you've got a
key format, doing something like PKIX is possible.  Perhaps we could sketch
that out as potential follow-on work in the charter, so we can make progress
on some of the shorter-term stuff first?

Joe Hildebrand