[messaging] Fwd: alternative to OpenPGP?

Tony Arcieri bascule at gmail.com
Fri Aug 14 11:11:31 PDT 2015

On Fri, Aug 14, 2015 at 11:07 AM, Mansour Moufid <mansourmoufid at gmail.com>

> Key ID is interesting for another reason: it's an indicator of an
> outdated methodology

KIDs are definitely not an "outdated methodology" for a lot of use cases.
JOSE is a expansive, comprehensive standard that's trying to cover many use
cases (which is probably a bad idea, but I digress). For replacing
something like CMS in an infrastructural / service-to-service use case, you
definitely want to record the key used to encrypt a particular message. The
same goes for things like encrypted bearer tokens (i.e. JWT)

When you're talking about person-to-person messaging though, clearly there
are other, better options which don't involve publicly revealing a
personally identifiable KID.

Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20150814/cc9750ad/attachment.html>

More information about the Messaging mailing list