
[OAUTH-WG] RSA vs PKI?



[switching subject line to fork discussion]

Hey Igor -

On Thu, Nov 5, 2009 at 7:49 PM, Igor Faynberg
<faynberg at alcatel-lucent.com> wrote:
> One question: Is RSA really essential here? I think not (why not use ECC
> or any other PKI algorithm instead?). So, I would agree with Brian so long
> as RSA is replaced with PKI.

Interesting point, and I'm not sure I fully understand what you are getting at.

The choice of RSA-SHA1 vs RSA-SHA256 vs ECC vs DSA-SHA1 vs <whatever
comes out next week> seems to be about cryptographic security.  What
algorithms do we want to use?  How are we going to migrate from older
algorithms to new algorithms as the old ones are broken?  What are the
efficiency vs security trade-offs?

PKI, on the other hand, doesn't seem to be about security in the
cryptographic sense.  It's more about key discovery, and trust.  How
do you find the consumer's public key?

Have I understood where you are headed?

Cheers,
Brian

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.