Re: PublicKeyFile Format Security Considerations

To: "Brent McClure" <mcclure%swcp.com@localhost>
Subject: Re: PublicKeyFile Format Security Considerations
From: Bill Sommerfeld <sommerfeld%east.sun.com@localhost>
Date: Fri, 25 Jul 2003 11:31:18 -0400

> Security Considerations
> 
>   There are no known security issues raised by this document.

Sorry, this is a good way to get laughed at by the IESG these days.

This is an out of band exchange format for public keys, so it's
going to be shovelled around between systems. 

The big one which jumps out at me is:

 - by design, the file format does not provide meaningful integrity
protection or authentication of the contents (i.e., this is not a
certificate) so you have to be careful with how you move the file
around and how you store it..

					- Bill

Follow-Ups:
- Re: PublicKeyFile Format Security Considerations
  - From: Brent McClure

References:
- PublicKeyFile Format Security Considerations
  - From: Brent McClure

Prev by Date: PublicKeyFile Format Security Considerations
Next by Date: Updated Publickey draft
Previous by Thread: PublicKeyFile Format Security Considerations
Next by Thread: Re: PublicKeyFile Format Security Considerations
Indexes:

Home | Main Index | Thread Index | Old Index