On 9/18/14, 8:57 AM, David R Oran wrote:
On Sep 18, 2014, at 11:46 AM, Rene Struik <[email protected]> wrote:
It seems that the cryptographic literature needs to be rewritten now ...
==
Anything you can do with a cert, you can do with raw public keys, and you don't
need CAs. See RFC4871 for an example.
I would have thought it was the opposite:
anything you can do with raw keys you can do with certificates.
FWIW, this is also true even though the rest wasn't. You can always strip
the x509 coating and use the raw keys, yes. Which begs the question of why
use the coating if it's not doing anything useful, which is pretty much the
situation with self-signed certs.
To paraphrase:
'Some people, when confronted with a security problem, think "I know,
I'll use certificates." Now they have two problems.'
Mike
_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet