[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: A PKI Question: PKCS11-> PKCS12

To: "'lynn.wheeler@xxxxxxxxxxxxx'" <lynn.wheeler@xxxxxxxxxxxxx>
Subject: RE: A PKI Question: PKCS11-> PKCS12
From: Hal Lockhart <hal.lockhart@xxxxxxxxxxxxx>
Date: Wed, 28 Nov 2001 11:37:02 -0500
Cc: ietf-pkix@xxxxxxx, owner-ietf-pkix@xxxxxxxxxxxx, "'RAGHAVENDRAN H. (SSG) - CTD, Chennai.'" <raghavh@xxxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

Title: RE: A PKI Question: PKCS11-> PKCS12

> PKI key operations can be put into two categories .... authentication
> (digital signatures) and secrecy/privacy (encryption).

I know this is the orthodox theory, but in practice IETF PKI protocols and applications make this difficult or impossible. Generally one key is used for Authentication and Key exchange, effectively encryption.

That's how TLS and IKE work. Just try using two keys with Outlook.

Hal

Prev by Date: RE: Copying smart cards. Was: A PKI Question: PKCS11-> PKCS12
Next by Date: RE: Copying smart cards. Was: A PKI Question: PKCS11-> PKCS12
Previous by thread: Re: A PKI Question: PKCS11-> PKCS12
Next by thread: RE: A PKI Question: PKCS11-> PKCS12
Index(es):
- Date
- Thread