Re: [woes] Naked Public Key, was: RE: Proposed charter, post-Quebec edition

Leif Johansson <> Fri, 05 August 2011 08:26 UTC

On 08/04/2011 10:48 PM, Hal Lockhart wrote:
>> 3) A Standards Track document specifying how to encode public 
>> keys as JSON-structured objects.
> I would like to push back on the idea of only supporting naked public keys. It is my understanding that common crypto libraries, e.g. OpenSSL, expect public keys to be in certificates and the coding to get them to accept a naked key as input is ugly. I don't think they care if the cert is self signed or even signed at all, it's just a format issue.

There is a huge difference between a crypto library and a PKIX stack.

Libraries like OpenSSL are mostly about implementing PKIX, the crypto
being a comparatively small part.

Carrying something like OpenSSL just to be able to sign stuff when
you don't require the semantics of a PKIX stack is an unnecessary

Having the ability to do raw keys is useful.

	Cheers Leif