On Mon, Apr 8, 2019 at 2:32 PM Steven M. Bellovin <[email protected]> wrote:
> Slightly off-topic, but folks on this list may be interested in > > https://www.cs.columbia.edu/~smb/papers/eurosys-2019-submission408-e3-final-1.pdf > . > We plan to release the code as open source. > Looks interesting. I can see some clear convergence in mechanism. Though it is not clear to me how you are dealing with the per device keys. My approach is to split the decryption key. Which means I can add and remove devices etc. in no time at all. When I provision a new device, the administration device knows the private key for each of the applications I might provision to it. To add S/MIME capabilities, it splits the private key in two, sends one to the service and encrypts the other under the public key of the device. So the service only has a random number and the device can't decrypt without the device helping. The crypto is a scheme Matt Blaze and Torben Pederssen discovered. Depending on how you look at it, you can consider this to be Proxy Re-encryption or Distributed Key Generation. It is actually a simple case that sits at the intersection of both.
_______________________________________________ Endymail mailing list [email protected] https://www.ietf.org/mailman/listinfo/endymail
