All this talk about trying to gateway client certs has got me thinking about something I saw last week in the PGP-8.0 docs.
They have this concept of "additional decryption keys". Apparently you can configure PGP so that even though you are the only one with your key-pair, when you encrypt a message to someone else, it is co-signed with this "additional" key.

This is for corporate use where the company always wants to be able to decrypt your email (say, if you leave), but this additional key only allows decrypt - not encrypt rights - so they still can't forge (i.e. the authenticity of your cert is not degraded).

Is this some hack, or would such things be possible within SSL? My main thought is for being able to decrypt S/MIME mail without needing the originator's cert (same reason: corporate use).

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
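
As an added example (not part of the original post): S/MIME enveloped data can wrap the message key for more than one recipient certificate, which gives the effect of the additional decryption key described above. The certificate names, file names and the `make_cert`, `try_decrypt` and `adk_demo` helpers are constructed for illustration; the script assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example: one S/MIME message encrypted to the intended recipient and
# to a corporate "escrow" certificate. All names and files are constructed.
set -e

make_cert() {   # $1 = file prefix, $2 = subject CN (throwaway self-signed cert)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

try_decrypt() { # $1 = key/cert prefix; prints "ok" only if plaintext is recovered
    if openssl smime -decrypt -in msg.p7m -recip "$1.crt" -inkey "$1.key" \
           -out "$1.out" 2>/dev/null && cmp -s msg.txt "$1.out"; then
        echo ok
    else
        echo denied
    fi
}

adk_demo() (
    dir=$(mktemp -d)
    trap 'rm -rf "$dir"' EXIT
    cd "$dir"
    for who in recipient escrow outsider; do
        make_cert "$who" "$who.example"
    done
    printf 'Quarterly figures attached.\n' > msg.txt   # constructed sample message

    # Listing two certificates wraps the message key once per recipient;
    # the outsider certificate is deliberately not listed.
    openssl smime -encrypt -binary -aes256 -in msg.txt -out msg.p7m \
        recipient.crt escrow.crt

    echo "recipient=$(try_decrypt recipient) escrow=$(try_decrypt escrow) outsider=$(try_decrypt outsider)"
)

adk_demo
```

Holding the escrow private key allows decryption only; signing as the sender would still require the sender's own private key.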