Given our failure to deploy PKC in any meaningful way*, I think that
systems like Voltage, and the new PGP Universal are great.

* I don't see Verisign's web server tax as meaningful; they accept no
liability, and numerous companies foist you off to unrelted domains.
We could get roughly the same security level from fully opportunistic
or memory-oportunistic models.

Adam

On Thu, Sep 16, 2004 at 02:05:15AM -0700, Ed Gerck wrote:
| Benne,
| 
| With Voltage, all communications corresponding to the same public key can be
| decrypted using the same private key, even if the user is offline. To me, 
| this
| sounds worse than the PKC problem of trusting the recipient's key. Voltage
| also corresponds to mandatory key escrow, as you noted, with all its 
| drawbacks.
| 
| Cheers,
| Ed Gerck
| 
| Weger, B.M.M. de wrote:
| 
| >Hi Ed,
| >
| >What about ID-based crypto: the public key can be any string, such as
| >your e-mail address. So the sender can encrypt even before the
| >recipient has a key pair. The private key is derived from the ...
| 
| ---------------------------------------------------------------------
| The Cryptography Mailing List
| Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to