[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 11.2 Dual KeyIDs for RSA keys?

To: ietf-open-pgp@xxxxxxx
Subject: Re: 11.2 Dual KeyIDs for RSA keys?
From: dontspam-tzeruch@xxxxxxxxxx
Date: Sun, 19 Apr 1998 01:14:26 -0400
In-reply-to: <>
Sender: owner-ietf-open-pgp@xxxxxxx

On Sat, 18 Apr 1998, Jim Gillogly wrote:

> tzeruch wrote:
> > Generally, I think it would make sense to promote RSA keys to V4 format
> > (and assuming a V4 keyserver), but be able to export them in V3 format
> > when necessary.  The keyserver could find the key given either the V3 or
> > V4 keyid.
> 
> Looking forward to a "semantics" document (if it comes to that) to
> supplement the formats document, I'm uncomfortable making an explicit
> linkage between the V3 and V4 format RSA keys unless we have a good
> model of what signatures mean in this case.  If a signer signs one or
> the other format, would you assume that signature has the same meaning
> for the other format?  Would you have the Web of trust form the union
> of signatures on the two styles of key?  I suppose it makes sense, but
> I'd want to think through the implications further.  Certainly it would
> be sufficient to have each of your signers sign both formats, but it
> seems overly tricky to have to check a signature by failing, then
> converting the key to the other format and trying again.
> 
> 	Jim Gillogly

The actual essence of the key is the modulus and exponent in the case of
an RSA key (actually the Modulus - exponents would be subkeys).  So a V3,
and a V4 RSA key should mean the same "persistent identity" wherever the
N/E pair appears.  Same things applies for the public key parameter of DSS
or DH keys.

There is even a metacert group apparently trying to standardize on
something that will encompass all usages so one set of key parameters will
work everywhere.

About a year ago I converted my PGP key to an X509 certificate request and
had Verisign sign it when they were doing free user IDs, and should be
able to take a Verisign X509 cert, pull the moduli, create a PGP public
key that can verify the signatures (possibly giving it a high trust
level).

Since my implementation is SSLeay based, I already have most of the X509
style cert handling already available.  Conversion is usually figuring out
how to map the parameters (I usually use a oneline as the userid, and the
NotAfter gives the expiration date, etc.), and calling my keyout5 routine
with the x509 public key data.  I can also take my PGP secret key and
convert it to an SSLeay private key file.

I haven't looked at S/MIME in any detail yet, but from what I have seen it
shouldn't be too difficult to cross the boundary.

--- reply to tzeruch - at - ceddec - dot - com ---

References:
- Re: 11.2 Dual KeyIDs for RSA keys?
  - From: Jim Gillogly

Prev by Date: Re: 11.2 Dual KeyIDs for RSA keys?
Next by Date: Before I forget - two more spec questions
Previous by thread: Re: 11.2 Dual KeyIDs for RSA keys?
Next by thread: I-D ACTION:draft-ietf-openpgp-formats-02.txt
Index(es):
- Date
- Thread