-----BEGIN PGP SIGNED MESSAGE----- James Donald writes:
I was concerned about a different issue:
Suppose you have some signed information: You wish to send some encrypted information to the person who wrote that signed information.
If the signing key and the encrypting key are the same, your software can locally ensure that you encrypt with the right key, (The correct key is the same public key that you used to check the signature on the message.)
If the signing key and the encrypting key are different, then in order to ensure that you are not spoofed into using the wrong public key, the whole protocol must work correctly, exposing many more points of attack, since key management is the most complex and most vulnerable area.
OK, I think I understand the concern. I was assuming a model where the signing and encrypting keys are bound together in a certificate in some fashion. Presumably the encrypting key is signed by the signing key. The certificates are distributed & managed according to some protocols and policies that are orthogonal to the number of keys in a single certificate. Things get slightly more complicated if you want to update the encrypting and signing keys independently of each other. But offhand I don't see any new thorny issues arising. Disclaimer: I haven't read enough of the MSCAPI to have any idea how it proposes to handle the purpose-specific keys. Futplex <futplex@pseudonym.com> GO COWBOYS! -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMQv1IynaAKQPVHDZAQFawwf7BySS8rC/uugXjOtgBM/GU4VlQfdXSk9p XjaGP1fJiBeFxwtiJe26MqoPmqSNrvV3Bf/iVawUiB1mU+NQgcX6mf6kf7P05c2c JMsYzFaT468VDC7/uv2pc8NT0u70bbWW8lrSqmyFGBVvMnYDmHXN7XWywdMuB3mk BIG+zrcfFRVlrHkIGvz3Xzuaog3SVRCUxujozxw1vciY4EgRN2vvizuecNAa4R0j //vVNOiEAAPqAb/ZEG29Fc/LR7ecjcIihNA+pB/Dn9e5yyuX1H6yy4HNRn0RGaSx /lDIsLXYI3KsMWuiYENaR5aNcXzn68aM7IxOCEHjp59kLEAy8KxbJQ== =o0QD -----END PGP SIGNATURE-----