RE: public-key: the wrong model for email?

2004-09-16 Thread Weger, B.M.M. de
Hi Ed, What about ID-based crypto: the public key can be any string, such as your e-mail address. So the sender can encrypt even before the recipient has a key pair. The private key is derived from the public key by a trusted party when the recipient asks for it. Yes, the recipient does have some

Re: public-key: the wrong model for email?

2004-09-16 Thread Ed Gerck
Anne Lynn Wheeler wrote: PGP allows that a relying party vet a public key with the key owner and/or vet the key with one or more others (web-of-trust) note that while public key alleviates the requirement that a key be distributed with secrecy ... it doesn't eliminate the requirement that the

Re: public-key: the wrong model for email?

2004-09-16 Thread Ed Gerck
Benne, With Voltage, all communications corresponding to the same public key can be decrypted using the same private key, even if the user is offline. To me, this sounds worse than the PKC problem of trusting the recipient's key. Voltage also corresponds to mandatory key escrow, as you noted, with

Re: pci hardware for secure crypto storage (OpenSSL/OpenBSD)

2004-09-16 Thread Werner Koch
On Wed, 15 Sep 2004 16:30:54 +0100, Ian Grigg said: There is a device that is similar to those characteristics: http://woudt.nl/epass-pgp/ http://www.financialcryptography.com/mt/archives/000201.html The advantage of the OpenPGP card is that is is a specification that it is open and ready for

[Publicity-list] DIMACS Workshop on Computational Issues in Auction Design

2004-09-16 Thread Linda Casals
* DIMACS Workshop on Computational Issues in Auction Design October 7 - 8, 2004 DIMACS Center, Rutgers University, Piscataway, NJ Organizers: Jayant Kalagnanam, IBM Watson Lab, [EMAIL PROTECTED] Eric

Re: public-key: the wrong model for email?

2004-09-16 Thread Adam Shostack
Given our failure to deploy PKC in any meaningful way*, I think that systems like Voltage, and the new PGP Universal are great. * I don't see Verisign's web server tax as meaningful; they accept no liability, and numerous companies foist you off to unrelted domains. We could get roughly the same

Re: public-key: the wrong model for email?

2004-09-16 Thread Anne Lynn Wheeler
At 11:19 PM 9/15/2004, Ed Gerck wrote: Yes, PKC provides a workable solution for key distribution... when you look at servers. For email, the PKC solution is not workable (hasn't been) and gives a false impression of security. For example, the sender has no way of knowing if the recipient's key is

Re: public-key: the wrong model for email?

2004-09-16 Thread Ian Grigg
Adam Shostack wrote: Given our failure to deploy PKC in any meaningful way*, I think that systems like Voltage, and the new PGP Universal are great. I think the consensus from debate back last year on this group when Voltage first surfaced was that it didn't do anything that couldn't be done with

Re: public-key: the wrong model for email?

2004-09-16 Thread Ed Gerck
Anne Lynn Wheeler wrote: the issue then is what level do you trust the recipient, what is the threat model, and what are the countermeasures. if there is a general trust issue with the recipient (not just their key generating capability) ... then a classified document compromise could happen

Re: public-key: the wrong model for email?

2004-09-16 Thread Ed Gerck
Adam Shostack wrote: I think the consensus from debate back last year on this group when Voltage first surfaced was that it didn't do anything that couldn't be done with PGP, and added more risks to boot. Voltage actually does. It allows secure communication without pre-registering the recipient.