Digital Signing

[Voltage Spike]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday, September 25, 2002, at 04:59 PM, Shawn Rutledge wrote:

> Is there any opportunity for reuse of keys, between SSL, SSH, PGP, 
> Kerberos,
> etc?

I don't think that this would make sense?  From my understanding, SSH, 
SSL, and probably Kerberos use much shorter keys than PGP-style keys 
due to the real-time nature of the transaction.  It is not 
computationally feasible to encrypt and decrypt data in real-time with 
a 1024-bit or higher key.  (Also, I believe that Kerberos uses a 
different type of key system.)

Of course, I suppose that it could be handled like IPSEC.  In other 
words, use the extreme key-pair to validate the user at each end and 
encrypt the "lesser" key (which may be randomly generated) to send 
across for real-time communication.  As far as I know, however, SSL is 
already considered secure for some time to come.

- -- 
                                                            Voltage Spike
       ,,,
      (. .)
- --ooO-(_)-Ooo--

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (Darwin)

iD8DBQE9k0lApNoctRtUIRQRAvVtAKCAEW4W8YgSo/ILe2dc/iKYM/1UWACbBmUF
0NqIIDCjNqOOHGVKRdR1aNQ=
=4RC6
-----END PGP SIGNATURE-----