[13786] in cryptography@c2.net mail archive
Re: Fwd: [IP] A Simpler, More Personal Key to Protect Online
daemon@ATHENA.MIT.EDU (Tim Dierks)
Tue Jul 8 18:49:51 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Tue, 08 Jul 2003 17:47:10 -0400
To: Nomen Nescio <nobody@dizum.com>, cryptography@metzdowd.com
From: Tim Dierks <tim@dierks.org>
In-Reply-To: <e6332a718cb95f315b8d22e95036f38a@dizum.com>
At 05:30 PM 7/8/2003, Nomen Nescio wrote:
>One difference is that with the identity-based crypto, once a sender
>has acquired the software and the CA's public key, he doesn't have to
>contact the CA to get anyone's "certificate". He can encrypt to anyone
>without having to contact the CA, just based on the email address.
>Your proposed substitute doesn't allow for this.
True, but how valuable is that, given that you can't send the actual
message without contacting a server? I suppose one can construct
theoretical scenarios where that's a benefit, but it seems to be a pretty
narrow niche to me.
> > but you don't need goofy new crypto to accomplish it.
>
>The Weil pairing hardly constitutes "goofy new crypto". They are
>doing all kinds of cool stuff with pairings these days, including
>privacy-enhancing technology such as public keys with built-in forward
>secrecy.
I retract the "goofy". My point was that the market is incredibly reluctant
to adopt new technology: if you can solve a problem with components known
to the marketplace, you're much more likely to be successful than if you
invent something new. This is above and beyond any reluctance to adopt new
cryptographic technology based on concerns about security.
Even if the Weil pairing is known to be 100% secure and tested, any new
solution has to, as a practical matter, leap a huge hurdle to overcome
available, well known alternatives. I've spent years attempting to get the
market to accept alternative security solutions, and I can testify to how
high that hurdle is. In my opinion, identity-based cryptography has
insufficient upside to overcome that hurdle, especially given that it is
not without its downsides (escrowed private keys, no protection against key
compromise).
- Tim
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
