[13787] in cryptography@c2.net mail archive
RE: Fwd: [IP] A Simpler, More Personal Key to Protect Online Mess
daemon@ATHENA.MIT.EDU (Whyte, William)
Tue Jul 8 20:59:47 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: "Whyte, William" <WWhyte@ntru.com>
To: 'Nomen Nescio' <nobody@dizum.com>, cryptography@metzdowd.com
Date: Tue, 8 Jul 2003 17:49:04 -0400
> One difference is that with the identity-based crypto, once a sender
> has acquired the software and the CA's public key, he doesn't have to
> contact the CA to get anyone's "certificate". He can encrypt to anyone
> without having to contact the CA, just based on the email address.
> Your proposed substitute doesn't allow for this.
But you don't have to contact the CA to get someone's certificate.
A standard way is to send them an email saying "can you send me
a signed message?"
This also ensures you have the right public key. I haven't
studied the details of IBE, but I assume that (a) there may
be multiple IBE-based "CA"s, with different parameters, and
(b) the identity that's used to encrypt will be not just a
name, but a name and a date (to ensure that some revocation-like
capability exists). In either case, you can't simply pick the
email address and use it as the public key; you need to establish
some additional information first. This seems to put us back
in the same place as with standard PKI, usability-wise. (Or,
rather, there may be a usability delta for IBE, but it's very
small).
When you add to this the fact that the server knows your
decryption key... I really don't see why this is worth getting
excited about commercially, or even from an engineering perspective.
It's cool maths, though.
Cheers,
William
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
