To:
keydist@cafax.se
From:
Paul Hoffman / IMC <phoffman@imc.org>
Date:
Mon, 7 Jan 2002 13:23:23 -0800
Sender:
owner-keydist@cafax.se
Subject:
Definitions of keys and certs
Let's toss a bit more fat on the fire here. Some people have been claiming that they only care about bare public keys; I disagree with a subset of that group. A bare public key that you will only trust if you trust a public key that has signed it is not a public key: it is a part of a certificate. DNSSEC "keys" are in fact not keys, they are a part of a certificate. A bare public key that you will trust based on out-of-band information is in fact a public key. SSH public keys usually match that definition. These are not the same thing. --Paul Hoffman, Director --Internet Mail Consortium