[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Certificate requests for encryption keys

To: ietf-pkix@xxxxxxx
Subject: Re: Certificate requests for encryption keys
From: "David P. Kemp" <dpkemp@xxxxxxxxxxxxxx>
Date: Tue, 8 Jun 1999 13:55:37 -0400 (EDT)
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Reply-to: "David P. Kemp" <dpkemp@xxxxxxxxxxxxxx>
Sender: owner-ietf-pkix@xxxxxxx


> From: "Bob Jueneman" <BJUENEMAN@novell.com>
>
>  [...]
> 
> Our working, temporary expedient, along the lines of your #1,
> is to type the private key for both encryption and signature, but to 
> only turn on the encryption bit in the certificate.  But that's an 
> admittedly ugly hack.  Worse yet, it won't work at all with a 
> DH encryption key.
> 
> The real question is what are existing CAs prepared to support
> with respect to more advanced POP protocols?



You mean "more advanced protocols" such as the one defined in
PKIX RFC 2510/2511?  I believe there is at least one CA which
supports POP for key transport (RSA) and key agreement (DH or KEA)
keys in the standard manner.

Prev by Date: RE: Possible clarification to RFC 2459
Next by Date: RE: Possible clarification to RFC 2459
Previous by thread: Re: Certificate requests for encryption keys
Next by thread: RE: Certificate requests for encryption keys
Index(es):
- Date
- Thread