On Wednesday, September 25, 2002, at 04:59 PM, Shawn Rutledge wrote:
> Is there any opportunity for reuse of keys, between SSL, SSH, PGP,
> Kerberos,
> etc?
I don't think that this would make sense? From my understanding, SSH,
SSL, and probably Kerberos use much shorter keys than PGP-style keys
due to the real-time nature of the transaction. It is not
computationally feasible to encrypt and decrypt data in real-time with
a 1024-bit or higher key. (Also, I believe that Kerberos uses a
different type of key system.)
Of course, I suppose that it could be handled like IPSEC. In other
words, use the extreme key-pair to validate the user at each end and
encrypt the "lesser" key (which may be randomly generated) to send
across for real-time communication. As far as I know, however, SSL is
already considered secure for some time to come.
- --
Voltage Spike
,,,
(. .)
- --ooO-(_)-Ooo--
(text/plain)