[7759] in cryptography@c2.net mail archive
Re: reflecting on PGP, keyservers, and the Web of Trust
daemon@ATHENA.MIT.EDU (David Honig)
Tue Sep 5 23:37:32 2000
Message-Id: <3.0.6.32.20000905202043.008ba100@pop.sprynet.com>
Date: Tue, 05 Sep 2000 20:20:43 -0700
To: "P.J. Ponder" <ponder@freenet.tlh.fl.us>, David Honig <honig@sprynet.com>
From: David Honig <honig@sprynet.com>
Cc: Dan Geer <geer@world.std.com>, cryptography@c2.net
In-Reply-To: <Pine.OSF.4.21.0009052211420.19929-100000@fn3.freenet.tlh.f
l.us>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
At 10:17 PM 9/5/00 -0400, P.J. Ponder wrote:
>
>
>On Tue, 5 Sep 2000, David Honig wrote:
>>
>> If you have a secure channel to exchange a passphrase in,
>> you have no need for PK.
>>
>
>Public key allows digital signatures,
A digsig does indeed rely on PK, but you needn't use digsigs
to use PK. Digsigs are orthogonal to the confidentiality you
get using PK to exchange ephemeral private keys (eg PGP).
which a secure channel for key
>exchange doesn't provide. Two parties may choose to use symmetric
>encryption for exchanging messages and agree between themselves to accept
>any message encrypted with the secret key to be a binding expression - but
>this method does not prevent Alice from encrytping a message to herself
>and claiming it came from Bob. Either party can cheat in this way with
>symmetric key.
PK lets you send a key via postcard which gives you strong envelopes later.
PK's ability to publish (phone book) or sign (digsigs) a key or message
are fully independent of PK's ability to let you email a key which remains
secure after sending an insecure email.
Given Carnivore (tm), 'privately' emailing your public key is
spook-equivalent to publishing on a web server, though e.g., using a
different
PK for each correspondent makes individual emails slightly more
difficult to attack. The more hard-core distribute keys to previously known
parties on physical media, only.
cheers,
dh
