Anne & Lynn Wheeler wrote:

PGP allows that a relying party vet a public key with the key owner and/or vet the key with one or more others (web-of-trust)

note that while public key alleviates the requirement that a key be distributed with secrecy ... it doesn't eliminate the requirement that the public key have some trust characteristic associated (i.e. secrecy will tend to include some trust, but elimination of secrecy doesn't eliminate the requirement for trust).


My question on this is not about trust, even though I usually have  many
questions on trust ;-)

Yes, PKC provides a workable solution for key distribution... when you
look at servers. For email, the PKC solution is not workable (hasn't been)
and gives a false impression of security. For example, the sender has no
way of knowing if the recipient's key is weak (in spite of its length)
or has some "key-access" feature. Nonetheless, the sender has to use that

The analogy here is with you sending a confidential document using a courier
you don't know and cannot verify. Would you?

Further, it is generally in the recipient's interest that the decision to
send document X using channel Y should be under the sender's control. Any
limitation or directive imposed by the recipient on the sender (such as:
use my public-key) can shift the burden of risk to the recipient (your key
was weak, hence I had a loss). Liability follows power. The current use of
PKC in email is neither good to the sender nor to the recipient.

To further clarify, my comment is not that PKC is not useful for email. I
believe it is, but not directly used as it is today. The PKC key distribution
solution is backwards for email.

Ed Gerck

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to