Question: Is it okay for Alice and Bob to communicate with each other
using a single shared public/private elliptic key pair? Experimentally
it seems to work, but does it introduce any security holes? (Beyond the
obvious that keys can't be individually deployed and revoked when they
are not individually issued.)
Motivation: Alice and Bob are in the same household, they trust each
other. They are, um, liberal, Charlie might be joining, too, they will
trust him, too. When he does join they would rather not do a bunch of
two-way key distribution. Also, there might be more than one instance of
Alice (and of Bob and Charlie), and the Alices (and Bobs and Charlies)
want to be able to talk to among themselves. They are willing to rekey
the entire household if need be. And if later they need more resolution
of who trusts whom they can start issuing some unique keys then. But in
the meantime, does sharing keys open up any vulnerabilities?
Thanks,
-kb
_______________________________________________
zeromq-dev mailing list
[email protected]
https://lists.zeromq.org/mailman/listinfo/zeromq-dev
