Re: [Full-disclosure] JaPCrypt

Valdis.Kletnieksvt.edu
Date: Wed Feb 06 2008 - 10:39:31 CST


On Wed, 06 Feb 2008 17:23:49 +0100, Christoph Gruber said:

> If you are able to use PGP/GPG/S/Mime you HAVE already an implemented
> PKI. Why should someone use PKI to initialize another?

There's this thing called "The Real World", where often you end up doing
stuff like this because something is just plain busticated. For instance,
https gives us:

a PKI that allows us to use RSA or similar to verify the other end's identity
and exchange a shared-secret to use as a symmetric session key.

Unfortunately, there's cases where you don't *have* https available (as noted
in the original posting). So what do you do? You roll-your-own using
PGP or S/MIME to verify identities (if it isn't who it claims to be from,
it won't decrypt) and exchange a shared secret, and then use JaPCrypt to
do the symmetric encryption.
