I don't know PAIN...
Ben Laurie
ben at algroup.co.uk
Sat Dec 27 11:01:35 EST 2003
Raymond Lillard wrote:
> Ben Laurie wrote:
>
>> Ian Grigg wrote:
>>
>>> What is the source of the acronym PAIN?
>>> Lynn said:
>>>
>>>> ... A security taxonomy, PAIN:
>>>> * privacy (aka thinks like encryption)
>>>> * authentication (origin)
>>>> * integrity (contents)
>>>> * non-repudiation
>>>
>>>
>>> I.e., its provenance?
>>>
>>> Google shows only a few hits, indicating
>>> it is not widespread.
>>
>>
>> Probably because non-repudiation is a stupid idea:
>> http://www.apache-ssl.org/tech-legal.pdf.
>
>
> OK, I'm a mere country mouse when it comes to cryptography,
> so be kind.
:-)
> I have read most of the above paper on non-repudiation and
> noticed on p3 the following footnote:
>
> "Note that there is no theoretical reason that it should be
> possible to figure out the public key given the private key,
> either, but it so happens that it is generally possible to
> do so"
>
> So what's this "generally possible" business about?
Well, AFAIK its always possible, but I was hedging my bets :-) I can
imagine a system where both public and private keys are generated from
some other stuff which is then discarded.
> A few references will do.
If you want the gory details, I recommend the Handbook of Applied
Cryptography by Menezes et al., _not_ the Schneier brick. Warning:
pretty technical.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list