[9094] in cryptography@c2.net mail archive
RE: GESG Identity-Based Public Key Cryptography (ID-PKC)
daemon@ATHENA.MIT.EDU (Amir Herzberg)
Wed Aug 1 12:33:47 2001
Message-ID: <078EE8822DCFD411AAA1000629D56ADC0B7E01@IMP01>
From: Amir Herzberg <AMIR@newgenpay.com>
To: cryptography@wasabisystems.com
Date: Wed, 1 Aug 2001 12:10:09 +0300

ID based public key is not a new concept, I believe first proposed by Adi
Shamir in Crypto 84 (the first I attended :-). It's a cute concept, but I'm
skeptical about its practical value - except of course as a way to force
parties to use private keys known to authorities :-(

The security requirement of ID based PKC is challenging, even more than
`regular` PKC (which is obviously a special case). So there were many works
proposing systems and also many attacks - although recently there are some
proposals with proofs of security (with strong assumptions...), e.g. Boneh &
Franklin in upcoming Crypto, see
http://crypto.stanford.edu/~dabo/abstracts/ibe.html.

But, what is the practical value of ID based systems? Not sending the public
key? Give me a break...

> M Taylor wrote:
> > The UK Communications-Electronics Security Group (CESG), the "defensive"
> > arm of the GCHQ, have published details about another PKC concept,
> > identity-based PKC, where every user's public key is predetermined by
> > a unique identifier, such as email address. It does use a(/two) trusted
> > server(s), but might be viewed as an easier to use infrastructure than
> > traditional PKI in some situations.

In what scenarios exactly? Many PKI scenarios are not ID specific at all -
ID is just one way to establish trust... And even when people use IDs, why
assume everybody trusts (completely!) the same authority?
Best, Amir