The PKC-only application security model ...
Eric Rescorla
ekr at networkresonance.com
Wed Jul 23 21:45:47 EDT 2008
At Wed, 23 Jul 2008 17:32:02 -0500,
Thierry Moreau wrote:
>
>
>
> Anne & Lynn Wheeler wrote about various flavors of certificateless
> public key operation in various standards, notably in the financial
> industry.
>
> Thanks for reporting those.
>
> No doubt that certificateless public key operation is neither new nor
> absence from today's scene.
>
> The document I published on my web site today is focused on fielding
> certificateless public operations with the TLS protocol which does not
> support client public keys without certificates - hence the meaningless
> security certificate. Nothing fancy in this technique, just a small
> contribution with the hope to facilitate the use of client-side PKC.
DTLS-SRTP
(http://tools.ietf.org/html/draft-ietf-sip-dtls-srtp-framework-02,
http://tools.ietf.org/html/draft-ietf-avt-dtls-srtp)
uses a similar technique: certificates solely as a key
carrier authenticated by an out-of-band exchange.
-Ekr
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list