A different take on the problem: Would something built around identify-based encryption help here? It sounds very tempting: My email address (or any other string - say a bitmap of a picture of me) *is* my public key. The problem is that it requires a central server that implicitly has access to my private key. There are some proposals around to work around that (e.g., by constructing the key from a combination of keys from different key generators). But we could go another route: I can run a key generator on my own hardware. That doesn't quite solve the problem, since you now need a secure way to find my key generator - any generator will happily tell you how to encrypt using leich...@lrw.com to generate the public key, and *it* will have the corresponding private key.
I don't quite see how to make this work, but IBE seems like a primitive that might be helpful, somehow. -- Jerry _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography