
Proposal for stating key type in Commonline subject lines
[Administrivia: When I use the word "Decrypt", I actually mean "Decrypt
and Verify Signature".  I'm just too lazy to type that every time.]

During last week's conference call, we determined that it would be useful
to specify the key type (RSA or D-H/DSS) in the subject line in the
message header, so we could know which key type to use to decrypt the
message and verify the signature.

The reason we need to know this information is that we may be using two
separate PGP products to decrypt files -- one for the RSA keys and one
for D-H/DSS.  This is due to the fact that PGP's two programming
interfaces (the Toolkit and the SDK) only support one key type each. 
Specifically, the PGP/ViaCrypt Toolkit only supports RSA keys and the SDK
only supports D-H/DSS.  And, since we are using different tools for each
key type, we would likely need to keep separate key rings by key type. 
All of this points to needing to know the key type used for the encryption
before actually processing the file.

However, it is pretty late in the game to be changing the subject lines for
CommonLine, since a lot of us (me included) already have code written
that looks for and specifies the old subject lines.  So, specifying the key
type must:

a) be optional, and
b) be compatible.

Therefore, I propose adding an optional identifier after the old CommonLine
subject string, but before the optional identifying information.  That
identifier should simply be either "KEYRSA" or "KEYD-H", enclosed in
brackets.  So, in general, our new subject line format would be:

    file-identifying-subject [KEYRSA | KEYD-H] <unique identifying number>

The reason for the delimiters around the key type is: a) it is more
readable (IMHO) and b) it makes it easier to parse automatically.  The
reason I added the phrase "KEY" to the identifiers is simply to drive home
the purpose of the field.

For example, a CommonLine v3 App Send file's subject could look like this:
    COM03 APP SEND [KEYRSA] <199803180017>

A CommonLine key update transaction with a Diffie-Hellman key would
look like:
    CL COMM UPDATE [KEYD-H] <USA GROUP GUARANTEE SERVICES>

Since the Key Type is optional, the following is a CommonLine v2 App
Response using RSA keys:
    COM96 APP RESP <GC19140201>

Comments?
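As an added illustration of the proposed format (not code from the original message or from CommonLine), a small parser that splits a subject line into the old subject string, the optional bracketed key type, and the optional <...> identifier, then picks the PGP interface for that key type. The tool names and the fallback to RSA when no key type is present are assumptions for the example, not something the proposal specifies.

```python
# Parser for the proposed CommonLine subject-line format:
#     file-identifying-subject [KEYRSA | KEYD-H] <unique identifying number>
# Both the [key type] field and the <...> identifier are optional, so the
# old-style subjects still parse. Example code, not part of the proposal.
from typing import NamedTuple, Optional

# Key-type tokens from the proposal, mapped to the PGP interface that the
# message says handles that key type (tool names are an assumption here).
KEY_TYPE_TOOLS = {"KEYRSA": "PGP/ViaCrypt Toolkit", "KEYD-H": "PGP SDK"}


class ParsedSubject(NamedTuple):
    subject: str                 # the old CommonLine subject string
    key_type: Optional[str]      # "KEYRSA", "KEYD-H", or None if absent
    identifier: Optional[str]    # contents of <...>, or None if absent


def parse_subject(line: str) -> ParsedSubject:
    """Split a subject line into its parts, peeling optional fields from the right."""
    rest = line.strip()
    identifier = None
    if rest.endswith(">"):                      # optional <identifying info>
        start = rest.rfind("<")
        if start < 0:
            raise ValueError("unmatched '>' in subject")
        identifier = rest[start + 1:-1].strip()
        rest = rest[:start].rstrip()
    key_type = None
    if rest.endswith("]"):                      # optional [key type]
        start = rest.rfind("[")
        if start < 0:
            raise ValueError("unmatched ']' in subject")
        token = rest[start + 1:-1].strip()
        if token not in KEY_TYPE_TOOLS:         # reject anything but the two tokens
            raise ValueError(f"unknown key type field [{token}]")
        key_type = token
        rest = rest[:start].rstrip()
    if not rest:
        raise ValueError("missing file-identifying subject")
    return ParsedSubject(rest, key_type, identifier)


def tool_for(parsed: ParsedSubject, default: str = "KEYRSA") -> str:
    """Pick the decrypt/verify tool. A subject with no key type falls back to
    `default` (RSA here, an assumption for this example)."""
    return KEY_TYPE_TOOLS[parsed.key_type or default]


if __name__ == "__main__":
    for s in ("COM03 APP SEND [KEYRSA] <199803180017>",
              "CL COMM UPDATE [KEYD-H] <USA GROUP GUARANTEE SERVICES>",
              "COM96 APP RESP <GC19140201>"):
        p = parse_subject(s)
        print(p, "->", tool_for(p))
```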