Closed Bug 177456 Opened 22 years ago Closed 21 years ago

Help glossary item about encryption keys & signing key provides wrong info

Categories

(Documentation Graveyard :: Help Viewer, defect)

Product:
Documentation Graveyard
Component:
Help Viewer
Type:
defect
Priority:
Not set
Severity:
minor

Tracking

(Not tracked)

Status:
VERIFIED FIXED

People

(Reporter: gunnar.kaestle, Assigned: rjkeller)

References

(
URL
)

Details

Attachments

(1 file)

remaining stuff, credit goes to Gunnar Kaestle
1.75 KB, patch
neil
: review+
Details | Diff | Splinter Review 
| encryption key.  A private key used for encryption only. 
| An encryption key and its equivalent public key, 

The last sentence is wrong. The encryption key is public, so it has an
equivalent  private key for decryption purposes.
"An encryption key and its equivalent private key," is the correct wording.
http://www.mozilla.org/docs/help/glossary.html

It's the same here:
"signing key.  A private key used for signing only. A signing key and its
equivalent public key, together with an encryption key and its equivalent public
key, constitute dual key pairs."

The encryption key is public, so the equivalent decoding key is private. 


-> documentation
Blocks: 187558
URL: http://www.mozilla.org/docs/help/glos...chrome://help/locale/glossary.html#10...
Status: UNCONFIRMED → NEW
Component: Help → User
Ever confirmed: true
Product: Browser → Documentation
QA Contact: tpreston → rudman
Summary: glossary item about encryption keys provides wrong info → Help glossary item about encryption keys & signing key provides wrong info
Version: Trunk → unspecified
http://lxr.mozilla.org/seamonkey/source/extensions/help/resources/locale/en-US/glossary.html#encryption_certificate

| encryption certificate.  A certificate whose public key corresponds 
| to a private key used for encryption only. 

confusing: what is used for encryption only?
the private key? No - private keys are used for decryption and signing, public
keys for checking signatures and encrypting.

Better:
encryption certificate.  A certificate whose private key corresponds 
to a public key used for encryption only. Encryption certificates are not used
for signing operations.

or 
encryption certificate.  A certificate used for encryption only whose 
private key corresponds to a public key. Encryption certificates are not used
for signing operations.
(but that a private and a public key do correspond to each other, isn't 
really new, is it?)


moving stuff over to an outside-the-firewall email for the time being, looking
for people to pick these Help and doc bugs up for me.
Assignee: oeschger → oeschger
--> me

This will be fixed for 1.6a
Assignee: oeschger → rlk
FIXED in glossary rewrite.
Status: NEW → RESOLVED
Closed: 21 years ago
QA Contact: rudman → stolenclover
Resolution: --- → FIXED
Reopen

  signing key.  A private key used for signing only. A signing
  key and its equivalent public key, together with an encryption
- key and its equivalent public key, constitute dual key pairs.
+ key and its equivalent private key, constitute dual key pairs.

The entry for "encryption certificate" is still confusing. I don't know anything
about these stuff. Gunnar, got sometime to look over the glossary again and make
suggestion?
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
  encryption certificate.  
- A certificate whose public key corresponds to a private key
+ A <a href="#certificate">certificate</a> whose public key is 
  used for encryption only. 
  Encryption certificates are not used for signing operations. 
  See also dual key pairs, signing certificate.

---
Ann.:
With private keys you can decipher messages and/or sign them.
With public keys you encrypt messages and/or check a digital signature.
Due to security considerations, it makes sometimes sense to separate the signing
and scrambling business -> dual key pairs. 
If one key pair is compromised (e.g. the communication cipher key), the
integrity of your signed messages (contracts/agreements) is still untouched. Or,
you can apply a different level of security (key length) to different
crytographic operations. It may not so interesting to read five year (perhaps
then short keys can easily broken) old business-mail, but it may be nasty to
find out "you" electronically signed 5y ago something you never heard of.
Attachment #138551 - Flags: review?(rlk)
Comment on attachment 138551 [details] [diff] [review]
remaining stuff, credit goes to Gunnar Kaestle

Moving to Neil, since I'm not 100% sure if that is correct and don't have time
to look it up.

Neil will probably get you the review sooner since I'm bogged down with work
(non-mozilla related).
Attachment #138551 - Flags: review?(rlk) → review?(neil.parkwaycc.co.uk)
Comment on attachment 138551 [details] [diff] [review]
remaining stuff, credit goes to Gunnar Kaestle

Makes sense. Sorry for taking so long to get around to it.
Attachment #138551 - Flags: review?(neil.parkwaycc.co.uk) → review+
Fix checked in.
Status: REOPENED → RESOLVED
Closed: 21 years ago21 years ago
Resolution: --- → FIXED
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: