RE: [Geopriv] WGLC on draft-ietf-geopriv-l7-lcp-ps-00 (PIDF-LO digital signatures)

From: Dawson, Martin <Martin.Dawson@andrew.com>
Date: Wed Mar 07 2007 - 16:56:37 EST

What's the patent encumbrance? Can someone enlighten me?

Cheers,
Martin

-----Original Message-----
From: Andrew Newton [mailto:andy@hxr.us]
Sent: Thursday, 8 March 2007 6:02 AM
To: Brian Rosen
Cc: geopriv@ietf.org; 'Marc Linsner'
Subject: Re: [Geopriv] WGLC on draft-ietf-geopriv-l7-lcp-ps-00 (PIDF-LO digital signatures)

On Mar 7, 2007, at 1:53 PM, Brian Rosen wrote:

> Yes, it works. I don't think it's any better or worse than signing the
> location value, but the operations required (dereference at every step)
> is a pain. It's functional. Consider that the TLS operation needs the
> very same cert that you would use to sign, the crypto operations are
> roughly similar, and the security is pretty much the same.

No. You missed one crucial and important operation: data canonicalization. Signing the data requires it, using TLS does not. And replay attacks can be thwarted. Plus, it isn't patent encumbered.

> Let's look at the cases you seem to care about: enterprise and Marc
> Linsner's boat-as-access-network.
>
> The enterprise can sign a cert or use its cert to create a TLS
> connection. To trust it, the cert it uses has to be signed by someone
> you trust. Signatures have the same characteristics as TLS. If it won't
> accept a TLS (or only offers digest authentication) then you could be
> suspicious, although you would proceed.
>
> The boat is unlikely to have a cert you trust for either TLS or
> signing. Best you could do is to verify that the domain is owned by the
> signer, if the cert was in the DNS.

It offers no new trust relationship, that is correct.

-andy

_______________________________________________
Geopriv mailing list
Geopriv@ietf.org
https://www1.ietf.org/mailman/listinfo/geopriv

Received on Wed, 7 Mar 2007 15:56:37 -0600

This archive was generated by hypermail 2.1.8 : Wed Mar 07 2007 - 20:00:36 EST