public-key: the wrong model for email?
Anne & Lynn Wheeler
lynn at garlic.com
Wed Sep 15 20:54:11 EDT 2004
At 12:39 PM 9/15/2004, Ed Gerck wrote:
> > [1] Public-key cryptography gives the impression that email message
> security can
> > be achieved quite simply. The public-key can be distributed at will, no
> need for
> > secrecy, and anyone can receive private and secure messages. The same
> procedure
> > being applied to each side, sender and receiver, both could immediately
> engage
> > in private and secure communication.
there are (at least) 2-3 characteristics of various public key systems
1) the public key doesn't have to be kept confidential as part of the
distribution
2) you don't need a unique key for every unique security &/or business domain
3) other parties can attest to any bindings between the public key and
other characteristics
however, while the fact that public key secrecy isn't required (vis-a-vis
secret keys) ... and possibly enables one or more of the mentioned
characteristics, public key operation doesn't mandate all such
characteristics be mandatory for the use of public keys.
PGP allows that a relying party vet a public key with the key owner and/or
vet the key with one or more others (web-of-trust)
note that while public key alleviates the requirement that a key be
distributed with secrecy ... it doesn't eliminate the requirement that the
public key have some trust characteristic associated (i.e. secrecy will
tend to include some trust, but elimination of secrecy doesn't eliminate
the requirement for trust).
so an infrastructure analogy to physical mail for public key .... is that
public key becomes the trusted address for the recipient. in the physical
world ... to send some mail ... you need a trusted mailing address for the
recipient ... you need to have acquired that address in some manner and
furthermore have some trust that it is the correct address. so lets assume
that some number of equivalent mechanisms exist for public keys. it so
happens that the encryption of the contents with the public key and the
addressing of the contents with that same public key .... has some
associated trusted infrastructure that delivers the package to the correct
recipient.
lets say that instead of having personal zip-codes and personal cell-phone
numbers (that you take with you regardless of the service and/or physical
location)... that can reach you regardless of where you happen to be in the
world .... the "number" that can be guaranteed to reach you, also happens
to have the characteristics of a public key.
so public key mapping to entity infrastructures take on similar
characteristics as personal (physical) mailing addresses and/or personal
cell-phone numbers ... and then you have trusted infrastructures (usps,
telephone companies, gov. posts) that can be relied on to make the
connection to the appropriate recipient .... which then approximates a
public key paradigm mapping to existing physical world paradigms.
in the current physical world infrastructure, the publication &/or
distribution of addresses are relatively low-cost (&/or free) operations
with the infrastructures making their real money off the delivery ... as
opposed to the publication.
translated to the internet paradigm .... everybody has a public key (in
much the same way that everybody can have a personal cellphone number that
may reach them regardless of where they are in the world). the public key
is registered in something like the domain name infrastructure which then
is able to figure out how to find you in the world (in manner similar to
how personal cellphone number can find you anywhere in the world).
it isn't necessary that public key paradigms have to be the wrong model for
email .... it is that the various existing economic models for making money
off of public key infrastructures may be inconsistent with normal expected
business operations. however, there is nothing intrinsic to public keys
that mandate they are tied to existing public key infrastructure economic
models.
--
Anne & Lynn Wheeler http://www.garlic.com/~lynn/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list