[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Certificate requests for encryption keys

To: Anne Anderson - Sun Microsystems <aha@xxxxxxxxxxxx>
Subject: Re: Certificate requests for encryption keys
From: Stephen Kent <kent@xxxxxxx>
Date: Tue, 8 Jun 1999 15:47:53 -0400
Cc: <ietf-pkix@xxxxxxx>, aha@xxxxxxxxxxxx
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <><>
Sender: owner-ietf-pkix@xxxxxxx

Anne,

Certs with keys used only for encryption, vs. signing, are still bound to
an identity in the X.509 world.  For exmaple, in S/MIME, one uses such a
key to encrypt a message (more precisely the CEK for the message) for a
specified recipient.  Thus, the sender relies on a CA to have verified the
subject name in that encryption-only cert.  So, I don't think your
characterization of when identity verification is important in signature
vs. encryption certs is a good one.

Steve

References:
- Re: Certificate requests for encryption keys
  - From: Bob Jueneman
- Re: Certificate requests for encryption keys
  - From: Anne Anderson - Sun Microsystems

Prev by Date: RE: Possible clarification to RFC 2459
Next by Date: Re: Certificate requests for encryption keys
Previous by thread: Re: Certificate requests for encryption keys
Next by thread: Re: Certificate requests for encryption keys
Index(es):
- Date
- Thread