[messaging] Fwd: alternative to OpenPGP?

Tony Arcieri bascule at gmail.com
Fri Aug 14 11:11:31 PDT 2015


On Fri, Aug 14, 2015 at 11:07 AM, Mansour Moufid <mansourmoufid at gmail.com>
wrote:

> Key ID is interesting for another reason: it's an indicator of an
> outdated methodology


KIDs are definitely not an "outdated methodology" for a lot of use cases.
JOSE is a expansive, comprehensive standard that's trying to cover many use
cases (which is probably a bad idea, but I digress). For replacing
something like CMS in an infrastructural / service-to-service use case, you
definitely want to record the key used to encrypt a particular message. The
same goes for things like encrypted bearer tokens (i.e. JWT)

When you're talking about person-to-person messaging though, clearly there
are other, better options which don't involve publicly revealing a
personally identifiable KID.

-- 
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20150814/cc9750ad/attachment.html>


More information about the Messaging mailing list