[messaging] Advertising public key in email (was: TOFU to ease PGP key discovery)

[Mike Hearn]

>
> Are you using the same key for signing as for encryption with this
> setup, or does your S/MIME cert somehow have a separate signing key from
> an encryption key?


With the free Comodo certs you get one key. But sometimes for other setups
you have two keys, one for signing and one for encryption.

I think the idea behind this is that the signing key has no copies and this
policy can be enforced by the HSM firmware that generates it. Because, if
you lose a signing key, you can just revoke it and generate a new one. The
encryption key is generated in a different way that would allow for backups
and copies to be made. Thus signing with the encryption key gives you lower
assurance, because someone might have stolen it from a backup. But with the
signing/"non repudiation" key, there are no backups anywhere and thus it's
safer.

This can be enforced with key usage flags in the certificate.

My gut feeling is that this complexity causes more problems than it solves.
Before the dreaded OS X Yosemite upgrade, my signing stick worked for
encryption just fine. Post Yosemite now the OS seems to think it's only
usable for signing. I suspect the key usage restrictions are somehow
involved.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20150211/30e1de18/attachment.html>