[prev in list] [next in list] [prev in thread] [next in thread] 

List:       moderncrypto-messaging
Subject:    [messaging] Fwd: alternative to OpenPGP?
From:       bascule () gmail ! com (Tony Arcieri)
Date:       2015-08-14 18:11:31
Message-ID: CAHOTMVJPkisZQ0+-sfEEifNQ3Dz1m+KDFsr2eFomh8WL8TCV4w () mail ! gmail ! com
[Download RAW message or body]

On Fri, Aug 14, 2015 at 11:07 AM, Mansour Moufid <mansourmoufid at gmail.com>
wrote:

> Key ID is interesting for another reason: it's an indicator of an
> outdated methodology


KIDs are definitely not an "outdated methodology" for a lot of use cases.
JOSE is a expansive, comprehensive standard that's trying to cover many use
cases (which is probably a bad idea, but I digress). For replacing
something like CMS in an infrastructural / service-to-service use case, you
definitely want to record the key used to encrypt a particular message. The
same goes for things like encrypted bearer tokens (i.e. JWT)

When you're talking about person-to-person messaging though, clearly there
are other, better options which don't involve publicly revealing a
personally identifiable KID.

-- 
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20150814/cc9750ad/attachment.html>

[prev in list] [next in list] [prev in thread] [next in thread]