On Fri, Aug 14, 2015 at 11:07 AM, Mansour Moufid <[email protected]> wrote:
> Key ID is interesting for another reason: it's an indicator of an > outdated methodology KIDs are definitely not an "outdated methodology" for a lot of use cases. JOSE is a expansive, comprehensive standard that's trying to cover many use cases (which is probably a bad idea, but I digress). For replacing something like CMS in an infrastructural / service-to-service use case, you definitely want to record the key used to encrypt a particular message. The same goes for things like encrypted bearer tokens (i.e. JWT) When you're talking about person-to-person messaging though, clearly there are other, better options which don't involve publicly revealing a personally identifiable KID. -- Tony Arcieri
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
