At 4:46 PM 10/9/95, Hal wrote:
Bill Stewart <stewarts@ix.netcom.com> writes: ....
also a signed attribute statement from the Bank's key that it's a bank, etc. The meaning of the certificates changes a bit, but there's still a certificate from the bank binding Alice's Key to Alice's Bank Account.
I can see using keys with attributes in this way, for credentials or as other forms of authorization. But what about for communications privacy? What is the attribute that tells you that using this key will prevent eavesdropping?
For communication, the only credential Alice needs to ensure that only Bob can read her message is that she uses Bob's public key. If "Bob the Key" reads it, presumably it was "Bob the Person" who read it. (Again, Bob the Key = Bob the Person to many of us. If Bob the Person has let his private key out, so that Chuck the Person is also able to read the Bob the Key stuff, etc., then of course cryptography cannot really handle this situtation.) --Tim May Views here are not the views of my Internet Service Provider or Government. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway."