Re: [woes] Naked Public Key, was: RE: Proposed charter, post-Quebec edition

Leif Johansson <> Fri, 05 August 2011 12:43 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id B238821F8B00 for <>; Fri, 5 Aug 2011 05:43:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -3.266
X-Spam-Status: No, score=-3.266 tagged_above=-999 required=5 tests=[AWL=-0.667, BAYES_00=-2.599]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id nHpbXLkF2rij for <>; Fri, 5 Aug 2011 05:43:21 -0700 (PDT)
Received: from ( [IPv6:2001:948:4:1::66]) by (Postfix) with ESMTP id 3E06A21F8AF7 for <>; Fri, 5 Aug 2011 05:43:21 -0700 (PDT)
Received: from [] ( []) (authenticated bits=0) by (8.14.3/8.14.3) with ESMTP id p75ChXIx029730 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <>; Fri, 5 Aug 2011 14:43:37 +0200 (CEST)
Message-ID: <>
Date: Fri, 05 Aug 2011 14:43:33 +0200
From: Leif Johansson <>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/20110617 Lightning/1.0b2 Thunderbird/3.1.11
MIME-Version: 1.0
References: <b9332337-4efa-4355-93a9-7866a5506bb5@default> <> <>
In-Reply-To: <>
X-Enigmail-Version: 1.1.1
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [woes] Naked Public Key, was: RE: Proposed charter, post-Quebec edition
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Web Object Encryption and Signing \(woes\) BOF discussion list" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 05 Aug 2011 12:43:26 -0000

Hash: SHA1

On 08/05/2011 02:11 PM, Phillip Hallam-Baker wrote:
> Support for naked keys is useful.
> Lack of support for certificates where needed would be unacceptable and
> render the format unsuited for many of the applications we need it for.
> Certificates are pretty simple to deal with. The problems that they are used
> to address are not simple.

I also think you need both. Sometimes you need to use a key for both
signing and TLS for instance.

> Whatever you thought of the 'Trust Router' proposal made at last IETF, it is
> certainly no simpler than the PKI based approach and that is before they
> have put it in operation and found the operational requirements.

I don't think that proposal is targeted for anything that comes even
remotely close to signed objects. Lets not go there.

	Cheers Leif
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla -