On Sep 18, 2014, at 11:46 AM, Rene Struik <rstruik....@gmail.com> wrote:

> It seems that the cryptographic literature needs to be rewritten now ...
> 
> ==
> Anything you can do with a cert, you can do with raw public keys, and you 
> don't need CA's. See RFC4871 for an example.

I would have thought it was the opposite:
anything you can do with raw keys you can do with certificates.

Raw keys cannot prove an assertion that a certain claimed name is bound to a 
certain key. In the case of self-signed certs you only get the advantages of 
having a data structure and code that is understood and well vetted, but with 
either a PKI or a web of trust you do get benefits from using Certs. You also 
get usage policy restrictions, which cannot be expressed with raw keys.

> 
> On 9/18/2014 11:36 AM, Michael Thomas wrote:
>> On 09/18/2014 08:31 AM, Markus Stenberg wrote:
>>> whether your authorization policy is leap of faithy, or strict ’these are 
>>> the authorized CAs/individual certs’, there is no way to express same 
>>> things with raw public keys (or you wind up with new X509, which is in 
>>> nobody’s best interest).
>>> 
>> 
>> 
>> 
>> Mike
>> 
>> _______________________________________________
>> homenet mailing list
>> homenet@ietf.org
>> https://www.ietf.org/mailman/listinfo/homenet
> 
> 
> -- 
> email: rstruik....@gmail.com | Skype: rstruik
> cell: +1 (647) 867-5658 | US: +1 (415) 690-7363
