From Radia Perlman

Michal Geva (Michal.Geva@Israel)
Thu, 15 Jan 1998 13:44:48 +0200 (IST)

Date: Thu, 15 Jan 1998 13:44:48 +0200 (IST)
From: Michal Geva <Michal.Geva@Israel>
Subject: From Radia Perlman
To: java-security@java0.javasoft.com

Hi. I'm using Michal's workstation in Israel, which
is why it's coming from her.

Anyway, she showed me a document about X.509 certificates,
called "Why should I care about X.509 certificates".
It's terrific, by the way. Very nice tutorial.

Only comment is that I think the example of a signature
only key might be incorrect but I'm not sure.
I think the SSL handshake is considered "authentication"
and not "encryption" even though the session key might
be encrypted with the other side's public key. I think
signature keys are used for authentication and to
establish a session key, whereas encryption keys
are used for things like encrypted email.

You may be correct that you shouldn't use a "signature
only key" for SSL authentication, but that wasn't how
I understood it so you may want to check that or use
a different example.

Radia