[7756] in cryptography@c2.net mail archive
Re: reflecting on PGP, keyservers, and the Web of Trust
daemon@ATHENA.MIT.EDU (P.J. Ponder)
Tue Sep 5 22:12:58 2000
Date: Tue, 5 Sep 2000 22:17:04 -0400 (EDT)
From: "P.J. Ponder" <ponder@freenet.tlh.fl.us>
To: David Honig <honig@sprynet.com>
Cc: Dan Geer <geer@world.std.com>, cryptography@c2.net
In-Reply-To: <3.0.6.32.20000905163858.008c3a80@pop.sprynet.com>
Message-ID: <Pine.OSF.4.21.0009052211420.19929-100000@fn3.freenet.tlh.fl.us>
On Tue, 5 Sep 2000, David Honig wrote:
>
> If you have a secure channel to exchange a passphrase in,
> you have no need for PK.
>
Public key allows digital signatures, which a secure channel for key
exchange doesn't provide. Two parties may choose to use symmetric
encryption for exchanging messages and agree between themselves to accept
any message encrypted with the secret key to be a binding expression - but
this method does not prevent Alice from encrypting a message to herself
and claiming it came from Bob. Either party can cheat in this way with
symmetric key.
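
The distinction drawn in the message above, as an added example that is not part of the original post. It assumes HMAC-SHA256 as the shared-key authenticator and uses a Lamport one-time signature (hash-based, standard library only) as a stand-in for the public-key signature; the message text and all keys are constructed samples.

```python
import hashlib, hmac, secrets

def H(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

# --- Symmetric case: Alice and Bob hold the same key ---
def mac(shared_key: bytes, msg: bytes) -> bytes:
    return hmac.new(shared_key, msg, hashlib.sha256).digest()

def mac_ok(shared_key: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac(shared_key, msg), tag)

# --- Public-key case: Lamport one-time signature (one message per key pair) ---
def lamport_keygen():
    # 256 pairs of secrets; the public key is the hash of each secret
    sk = [[secrets.token_bytes(32) for _ in range(2)] for _ in range(256)]
    pk = [[H(x) for x in pair] for pair in sk]
    return sk, pk

def _bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_sign(sk, msg: bytes):
    # Reveal one secret per digest bit; only the private-key holder can do this
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def lamport_verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        hmac.compare_digest(H(s), pk[i][b])
        for i, (s, b) in enumerate(zip(sig, _bits(msg))))

def demo():
    msg = b"I, Bob, owe Alice $100"          # constructed sample message
    shared = secrets.token_bytes(32)         # key both parties know
    # Either party can compute the tag, so it cannot show who wrote the message
    tag_made_by_alice = mac(shared, msg)
    tag_made_by_bob = mac(shared, msg)
    symmetric_ambiguous = (mac_ok(shared, msg, tag_made_by_alice)
                           and tag_made_by_alice == tag_made_by_bob)
    # With signatures Alice holds only Bob's public key
    bob_sk, bob_pk = lamport_keygen()
    alice_sk, _ = lamport_keygen()
    bob_sig_ok = lamport_verify(bob_pk, msg, lamport_sign(bob_sk, msg))
    alice_claim_ok = lamport_verify(bob_pk, msg, lamport_sign(alice_sk, msg))
    return symmetric_ambiguous, bob_sig_ok, alice_claim_ok

if __name__ == "__main__":
    print(demo())
```

A third party checking the HMAC tag learns only that someone with the shared key produced it, while the signature check against Bob's public key succeeds only for material made with Bob's private key.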