[975] in WWW Security List Archive
RE: N$ SSL vs M$ PCT
daemon@ATHENA.MIT.EDU (Donald E. Eastlake 3rd)
Mon Oct 2 21:42:01 1995
Date: Mon, 2 Oct 1995 17:17:04 -0400 (EDT)
From: "Donald E. Eastlake 3rd" <dee@cybercash.com>
To: Jonathon Tidswell <t-jont@microsoft.com>
Cc: JohnHemming@mkn.co.uk, www-security@ns2.rutgers.edu
In-Reply-To: <9510020925.AA25092@netmail2.microsoft.com>
Errors-To: owner-www-security@ns2.rutgers.edu
There are also people who believe that you might be legally forced to
reveal your encryption key, in a criminal investigation perhaps, but
there would be no legal reason to force you to reveal your private
signing key. Thus, with separate keys, while you might lose privacy, you
still don't lose authenticatability.
Donald
On Mon, 2 Oct 1995, Jonathon Tidswell wrote:
>
> At the risk of getting my head cut off
> [ I have had no part in the PCT effort and have done no more than skim
> the draft. ]
>
> "John Hemming CEO MarketNet" <JohnHemming@mkn.co.uk> wrote:
>
> | 2. Message authentication uses different keys to the encryption keys. How
> | this helps, apart from making implementation harder, I cannot quite
> fathom. We
> | should not be using this secure channel protocol for proper message
> authentication
> | only. The MAC (Message Authentication Code) is not what I would use for
> | authentication from a legal and contractual background. I prefer
> Digitally Signed
> | Instructions.
>
> I thought this was to allow the use of stronger keys for authentication
> while still using weak keys for encryption (ITAR rearing its ugly head.)
>
> - Jon T
>
>
>
=====================================================================
Donald E. Eastlake 3rd +1 508-287-4877(tel) dee@cybercash.com
318 Acton Street +1 508-371-7148(fax) dee@world.std.com
Carlisle, MA 01741 USA +1 703-620-4200(main office, Reston, VA)
