Fwd: [IP] A Simpler, More Personal Key to Protect Online Messages

Tim Dierks tim at dierks.org
Tue Jul 8 17:47:10 EDT 2003

At 05:30 PM 7/8/2003, Nomen Nescio wrote:
>One difference is that with the identity-based crypto, once a sender
>has acquired the software and the CA's public key, he doesn't have to
>contact the CA to get anyone's "certificate".  He can encrypt to anyone
>without having to contact the CA, just based on the email address.
>Your proposed substitute doesn't allow for this.

True, but how valuable is that, given that you can't send the actual 
message without contacting a server? I suppose one can construct 
theoretical scenarios where that's a benefit, but it seems to be a pretty 
narrow niche to me.

> > but you don't need goofy new crypto to accomplish it.
>The Weil pairing hardly constitutes "goofy new crypto".  They are
>doing all kinds of cool stuff with pairings these days, including
>privacy-enhancing technology such as public keys with built-in forward

I retract the "goofy". My point was that the market is incredibly reluctant 
to adopt new technology: if you can solve a problem with components known 
to the marketplace, you're much more likely to be successful than if you 
invent something new. This is above and beyond any reluctance to adopt new 
cryptographic technology based on concerns about security.

Even if the Weil pairing is known to be 100% secure and tested, any new 
solution has to, as a practical matter, leap a huge hurdle to overcome 
available, well known alternatives. I've spent years attempting to get the 
market to accept alternative security solutions, and I can testify to how 
high that hurdle is. In my opinion, identity-based cryptography has 
insufficient upside to overcome that hurdle, especially given that it is 
not without its downsides (escrowed private keys, no protection against key 

  - Tim

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list