Adam Shostack wrote:

On Thu, Sep 16, 2004 at 12:05:57PM -0700, Ed Gerck wrote:
| >Adam Shostack wrote:
| >
| >I think the consensus from debate back last year on
| >this group when Voltage first surfaced was that it
| >didn't do anything that couldn't be done with PGP,
| >and added more risks to boot.
| | Voltage actually does. It allows secure communication
| without pre-registering the recipient.


Generate a key for "[EMAIL PROTECTED]" encrypt mail to
Bob to that key.  When Bob shows up, decrypt and send over ssl.

How do you know when the right Bob shows up? And...why encrypt? The email never left your station. Your method is equivalent to: send anything to Bob at "[EMAIL PROTECTED]". When Bob shows up pray he is the right one and send email over ssl. You also have to run an ssl server (or trust Bob's server key).

With Voltage, you encrypt the email to "[EMAIL PROTECTED]"
and send it. The sender's work is done[*]. Yes, the other problems still
exist with Voltage.

Cheers,
Ed Gerck

[*] The recipient can decrypt the Voltage email only IF both the sender
and  recipient can refer to the same key generation parameters for the
recipient. This is a problem that I have not seen Voltage discuss. Users
in different or competing administration boundaries will not be able
to communicate with each other in general.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to