Fwd: [IP] A Simpler, More Personal Key to Protect Online Messages
Whyte, William
WWhyte at ntru.com
Tue Jul 8 17:49:04 EDT 2003
> One difference is that with the identity-based crypto, once a sender
> has acquired the software and the CA's public key, he doesn't have to
> contact the CA to get anyone's "certificate". He can encrypt to anyone
> without having to contact the CA, just based on the email address.
> Your proposed substitute doesn't allow for this.

But you don't have to contact the CA to get someone's certificate.
A standard way is to send them an email saying "can you send me
a signed message?"

This also ensures you have the right public key. I haven't
studied the details of IBE, but I assume that (a) there may
be multiple IBE-based "CA"s, with different parameters, and
(b) the identity that's used to encrypt will be not just a
name, but a name and a date (to ensure that some revocation-like
capability exists). In either case, you can't simply pick the
email address and use it as the public key; you need to establish
some additional information first. This seems to put us back
in the same place as with standard PKI, usability-wise. (Or,
rather, there may be a usability delta for IBE, but it's very
small).

When you add to this the fact that the server knows your
decryption key... I really don't see why this is worth getting
excited about commercially, or even from an engineering perspective.
It's cool maths, though.

Cheers,

William
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com