[509] in cryptography@c2.net mail archive
Re: Encrypted filing of patents sans GAK?
daemon@ATHENA.MIT.EDU (Steve)
Sat Apr 5 15:55:06 1997
To: jamesd@echeque.com
cc: Larry Layten <larry@ljl.com>, "cryptography@c2.net" <cryptography@c2.net>
In-reply-to: Your message of "Sat, 05 Apr 1997 11:14:36 +0700."
<199704051915.LAA17967@proxy1.ba.best.com>
Date: Sat, 05 Apr 1997 12:24:27 -0800
From: Steve <steve@edmweb.com>

>> Any well designed system provides for separate keys for encryption
>> and signature anyway.
>
> Not so:
> You frequently need to link the signature to the encryption key,
> because when sending encrypted mail you want to be sure you are
> encrypting to the same person who signed.

So you sign your public encryption key using your signature key. This
reduces the problem to proper distribution of your public signature
key, which is no more or less difficult than proper distribution of a
single encryption/signing key.

I still don't see any advantages to having one key for signing and one
for encrypting. I _can_ see advantages to having a personal hierarchy
of keys... If you have one "master" key that is long-lived and only
used to sign your other short-lived keys, then the master key is harder
to attack because it isn't used very often. Most practical attacks
involve MITM which is nearly impossible if a public key is already
widely distributed, or stealing the key+passphrase which becomes very
difficult if the private key is rarely used. Also, when the key is
rarely used, there's less temptation to sacrifice security for
convenience.
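
Added example, not part of the original message: a sketch of the key hierarchy described above, in which a long-lived master key signs a short-lived encryption subkey and a correspondent who holds only the master public key checks that binding before encrypting. The toy RSA parameters (fixed Mersenne primes, no padding), the certificate layout and all function names are assumptions for illustration; a real system would use a vetted signature scheme.

```python
import hashlib
import json

# Toy RSA master key (assumption): fixed Mersenne primes, no padding.
# Stands in for a real signature scheme so the example runs offline; NOT secure.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # master private exponent, rarely used

def _digest(body: dict, n: int) -> int:
    # Canonical encoding so signer and verifier hash identical bytes.
    canon = json.dumps(body, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(canon).digest(), "big") % n

def certify_subkey(subkey_pub: str, usage: str, not_after: int) -> dict:
    """Master key signs a short-lived subkey together with its purpose and expiry."""
    body = {"subkey": subkey_pub, "usage": usage, "not_after": not_after}
    return {"body": body, "sig": pow(_digest(body, N), D, N)}

def accept_subkey(cert: dict, master_pub: tuple, want_usage: str, now: int) -> bool:
    """Verifier trusts only the widely distributed master public key (n, e)."""
    n, e = master_pub
    body = cert["body"]
    if pow(cert["sig"], e, n) != _digest(body, n):
        return False  # subkey was not certified by the master key
    if body["usage"] != want_usage:
        return False  # e.g. a signing subkey offered for encryption
    return now <= body["not_after"]  # reject expired short-lived keys

if __name__ == "__main__":
    master_pub = (N, E)
    # Constructed sample values: subkey name and integer timestamps.
    cert = certify_subkey("enc-subkey-1 (constructed)", "encrypt", not_after=1000)
    print("valid:", accept_subkey(cert, master_pub, "encrypt", now=500))
    swapped = {"body": dict(cert["body"], subkey="substituted key"), "sig": cert["sig"]}
    print("substituted subkey:", accept_subkey(swapped, master_pub, "encrypt", now=500))
    print("expired:", accept_subkey(cert, master_pub, "encrypt", now=2000))
```
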