About that "Mighty Fortress"... What's it look like?

Ben Laurie ben at links.org
Thu Aug 19 04:09:00 EDT 2010


On 17/08/2010 16:53, Perry E. Metzger wrote:
> On Tue, 17 Aug 2010 15:04:00 +0300 Alexander Klimov
> <alserkli at inbox.ru> wrote:
>> On Sat, 31 Jul 2010, Perry E. Metzger wrote:
>>> There is no rational reason at all that someone should "endorse" a
>>> key when it is possible to simply do a real time check for
>>> authorization. There is no reason to sign a key when you can just
>>> check if the key is in a database.
>>
>> Each real-time check reveals your interest in the check. What about
>> privacy implications?
> 
> Well, OCSP and such already do online checks in real time, so there is
> no difference there between my view of the world and what people claim
> should be done for certificates.
> 
> The more interesting question is whether the crypto protocols people
> can come up with ways of doing online checks for information about
> keys that don't reveal information about what is being asked for. That
> would help in both the certificate and non-certificate versions of
> such checks.

Selective disclosure allows this kind of thing (e.g. "check that x is
not on a blacklist without revealing x"). Not sure it's particularly
efficient, though...

-- 
http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
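
Added example, not part of Ben Laurie's message or of the thread: one way to do the kind of lookup Perry asks about, using two-server private information retrieval over a Bloom filter of revoked key fingerprints rather than the selective-disclosure approach Ben mentions. It assumes two replicas of the database that do not collude; the filter parameters, fingerprint strings and function names are constructed for illustration.

```python
import hashlib
import secrets

M = 4096  # Bloom filter size in bits (assumed parameter)
K = 3     # bit positions per fingerprint (assumed parameter)

# Constructed sample data, not real key fingerprints.
REVOKED = [b"constructed-fp-revoked-1", b"constructed-fp-revoked-2",
           b"constructed-fp-revoked-3"]

def positions(fingerprint):
    """K Bloom-filter positions derived from SHA-256 of the fingerprint."""
    d = hashlib.sha256(fingerprint).digest()
    return [int.from_bytes(d[4 * i:4 * i + 4], "big") % M for i in range(K)]

def build_filter(revoked):
    """Bloom filter as an M-bit integer; both servers hold an identical copy."""
    bits = 0
    for fp in revoked:
        for p in positions(fp):
            bits |= 1 << p
    return bits

def make_queries(index):
    """Client: a uniformly random mask for server A, and the same mask with
    bit `index` flipped for server B. Each mask on its own is uniformly
    random, so neither server alone learns anything about `index`."""
    mask_a = secrets.randbits(M)
    return mask_a, mask_a ^ (1 << index)

def server_answer(db, query):
    """Server: parity of the database bits selected by the query mask."""
    return bin(db & query).count("1") & 1

def fetch_bit(db_a, db_b, index):
    """Parity is linear over GF(2), so the XOR of the two answers is the
    parity of db & (mask_a ^ mask_b), i.e. exactly the bit at `index`."""
    qa, qb = make_queries(index)
    return server_answer(db_a, qa) ^ server_answer(db_b, qb)

def is_revoked(db_a, db_b, fingerprint):
    """True means 'possibly revoked' (Bloom false positives); False is
    definitive. All K bits are always fetched so that the number of queries
    does not depend on the database contents."""
    bits = [fetch_bit(db_a, db_b, p) for p in positions(fingerprint)]
    return all(bits)

if __name__ == "__main__":
    db = build_filter(REVOKED)  # replicated to server A and server B
    print(is_revoked(db, db, REVOKED[0]), is_revoked(db, db, b"constructed-fp-good"))
```

The privacy guarantee holds only while the two servers do not compare the masks they received; each query costs M bits of upload per server.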


