Given our failure to deploy PKC in any meaningful way*, I think that systems like Voltage, and the new PGP Universal are great.
* I don't see Verisign's web server tax as meaningful; they accept no liability, and numerous companies foist you off to unrelted domains. We could get roughly the same security level from fully opportunistic or memory-oportunistic models. Adam On Thu, Sep 16, 2004 at 02:05:15AM -0700, Ed Gerck wrote: | Benne, | | With Voltage, all communications corresponding to the same public key can be | decrypted using the same private key, even if the user is offline. To me, | this | sounds worse than the PKC problem of trusting the recipient's key. Voltage | also corresponds to mandatory key escrow, as you noted, with all its | drawbacks. | | Cheers, | Ed Gerck | | Weger, B.M.M. de wrote: | | >Hi Ed, | > | >What about ID-based crypto: the public key can be any string, such as | >your e-mail address. So the sender can encrypt even before the | >recipient has a key pair. The private key is derived from the ... | | --------------------------------------------------------------------- | The Cryptography Mailing List | Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED] --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
