Re: PublicKeyFile Format Security Considerations

["Brent McClure" <mcclure%swcp.com@localhost>]

----- Original Message -----
From: "Bill Sommerfeld" <sommerfeld%east.sun.com@localhost>
> The big one which jumps out at me is:
>
>  - by design, the file format does not provide meaningful integrity
> protection or authentication of the contents (i.e., this is not a
> certificate) so you have to be careful with how you move the file
> around and how you store it..
>
> - Bill

Bill, Thanks for the help. 

Here's another crack at it.

--Brent

----
Security Considerations

  The file format described by this document provides no mechanism
  to verify the integrity or otherwise detect tampering of the
  data stored in such files. It is the responsibility of the parties
  that create or exchange files written in this format to ensure that 
  appropriate access controls are applied to such files, and that 
  the files, if transfered, are exchanged over a trusted channel.

  The data encoded using this file format is sensitive. Implementors
  are cautioned to verify the correctness of the encoding/decoding
  routines used to save and read files in this format. A malfunctioning
  decoder used to read a public-key file will most likely produce 
  unsound data of unknown cryptographic properties that in the worst
  case could be vulnerable various forms of cryptographic attack.

  This file format allows for headers that contain data associated with
  a public key. This header data could contain an unlimited range of
  information. While in many environments the information conveyed by a 
  "Subject:" header would be considered innocuous public information, the
  potential exposure of information through header data should be 
  reviewed by sites that deploy this file format.

----