Timeline for Why do web-services tend to use preshared secret keys for client authentication instead of public keys?

Current License: CC BY-SA 4.0

16 events

when toggle format	what		by	license	comment
Sep 13, 2022 at 12:52	answer	added	Jason Stewart		timeline score: 0
Sep 12, 2022 at 18:15	comment	added	chrylis -cautiouslyoptimistic-		Try some other APIs. I am currently using two APIs that have me paste an RSA key to sign JWTs with.
Sep 12, 2022 at 14:08	comment	added	Jory Geerts		"Now, I understand that for encryption, we do need to send a symmetric key alongside a payload, to decrypt it." This is incorrect. As stated in the question you link to, asymetric encryption is a no-go for very large payloads, but for smaller payloads it isn't a problem.
Sep 11, 2022 at 20:59	vote	accept	Gregory Magarshak
Sep 11, 2022 at 17:12	answer	added	David		timeline score: 1
Sep 10, 2022 at 20:42	answer	added	JackW		timeline score: 12
S Sep 10, 2022 at 9:26	history	suggested	Dai	CC BY-SA 4.0	“API” is not an appropriate way to refer to web-services.
Sep 10, 2022 at 9:15	answer	added	DavidT		timeline score: 4
Sep 10, 2022 at 7:28	comment	added	user3840170		Since it isn’t actually used for symmetric encryption, it’s probably misleading to call a bearer token a ‘symmetric key’.
Sep 10, 2022 at 6:02	review	Suggested edits
S Sep 10, 2022 at 9:26
Sep 10, 2022 at 3:01	history	tweeted			twitter.com/StackCrypto/status/1568434437674700800
Sep 10, 2022 at 1:08	comment	added	Colonel Thirty Two		What threat model would signing the requests give over simply specifying an authentication token (which is not an encryption key)?
Sep 10, 2022 at 0:03	answer	added	David		timeline score: 29
Sep 9, 2022 at 23:05	history	became hot network question
Sep 9, 2022 at 16:12	answer	added	knaccc		timeline score: 8
Sep 9, 2022 at 15:03	history	asked	Gregory Magarshak	CC BY-SA 4.0

toggle format