Help glossary item about encryption keys & signing key provides wrong info

VERIFIED FIXED

Status

Documentation
Help Viewer
--
minor
VERIFIED FIXED
15 years ago
14 years ago

People

(Reporter: Gunnar Kaestle, Assigned: R.J. Keller)

Tracking

Details

(URL)

Attachments

(1 attachment)

(Reporter)

Description

15 years ago
| encryption key.  A private key used for encryption only. 
| An encryption key and its equivalent public key, 

The last sentence is wrong. The encryption key is public, so it has an
equivalent  private key for decryption purposes.
"An encryption key and its equivalent private key," is the correct wording.
(Reporter)

Comment 1

15 years ago
http://www.mozilla.org/docs/help/glossary.html

It's the same here:
"signing key.  A private key used for signing only. A signing key and its
equivalent public key, together with an encryption key and its equivalent public
key, constitute dual key pairs."

The encryption key is public, so the equivalent decoding key is private. 

Comment 2

15 years ago
-> documentation
Blocks: 187558
Status: UNCONFIRMED → NEW
Component: Help → User
Ever confirmed: true
Product: Browser → Documentation
QA Contact: tpreston → rudman
Summary: glossary item about encryption keys provides wrong info → Help glossary item about encryption keys & signing key provides wrong info
Version: Trunk → unspecified
(Reporter)

Comment 3

15 years ago
http://lxr.mozilla.org/seamonkey/source/extensions/help/resources/locale/en-US/glossary.html#encryption_certificate

| encryption certificate.  A certificate whose public key corresponds 
| to a private key used for encryption only. 

confusing: what is used for encryption only?
the private key? No - private keys are used for decryption and signing, public
keys for checking signatures and encrypting.

Better:
encryption certificate.  A certificate whose private key corresponds 
to a public key used for encryption only. Encryption certificates are not used
for signing operations.

or 
encryption certificate.  A certificate used for encryption only whose 
private key corresponds to a public key. Encryption certificates are not used
for signing operations.
(but that a private and a public key do correspond to each other, isn't 
really new, is it?)

Comment 4

14 years ago
moving stuff over to an outside-the-firewall email for the time being, looking
for people to pick these Help and doc bugs up for me.
Assignee: oeschger → oeschger
(Assignee)

Comment 5

14 years ago
--> me

This will be fixed for 1.6a
Assignee: oeschger → rlk
(Assignee)

Comment 6

14 years ago
FIXED in glossary rewrite.
Status: NEW → RESOLVED
Last Resolved: 14 years ago
QA Contact: rudman → stolenclover
Resolution: --- → FIXED

Comment 7

14 years ago
Reopen

  signing key.  A private key used for signing only. A signing
  key and its equivalent public key, together with an encryption
- key and its equivalent public key, constitute dual key pairs.
+ key and its equivalent private key, constitute dual key pairs.

The entry for "encryption certificate" is still confusing. I don't know anything
about these stuff. Gunnar, got sometime to look over the glossary again and make
suggestion?
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
(Reporter)

Comment 8

14 years ago
  encryption certificate.  
- A certificate whose public key corresponds to a private key
+ A <a href="#certificate">certificate</a> whose public key is 
  used for encryption only. 
  Encryption certificates are not used for signing operations. 
  See also dual key pairs, signing certificate.

---
Ann.:
With private keys you can decipher messages and/or sign them.
With public keys you encrypt messages and/or check a digital signature.
Due to security considerations, it makes sometimes sense to separate the signing
and scrambling business -> dual key pairs. 
If one key pair is compromised (e.g. the communication cipher key), the
integrity of your signed messages (contracts/agreements) is still untouched. Or,
you can apply a different level of security (key length) to different
crytographic operations. It may not so interesting to read five year (perhaps
then short keys can easily broken) old business-mail, but it may be nasty to
find out "you" electronically signed 5y ago something you never heard of.

Comment 9

14 years ago
Created attachment 138551 [details] [diff] [review]
remaining stuff, credit goes to Gunnar Kaestle

Updated

14 years ago
Attachment #138551 - Flags: review?(rlk)
(Assignee)

Comment 10

14 years ago
Comment on attachment 138551 [details] [diff] [review]
remaining stuff, credit goes to Gunnar Kaestle

Moving to Neil, since I'm not 100% sure if that is correct and don't have time
to look it up.

Neil will probably get you the review sooner since I'm bogged down with work
(non-mozilla related).
Attachment #138551 - Flags: review?(rlk) → review?(neil.parkwaycc.co.uk)

Comment 11

14 years ago
Comment on attachment 138551 [details] [diff] [review]
remaining stuff, credit goes to Gunnar Kaestle

Makes sense. Sorry for taking so long to get around to it.
Attachment #138551 - Flags: review?(neil.parkwaycc.co.uk) → review+

Comment 12

14 years ago
Fix checked in.
Status: REOPENED → RESOLVED
Last Resolved: 14 years ago14 years ago
Resolution: --- → FIXED

Updated

14 years ago
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.