On Fri, 24 Nov 2000, John Kelsey wrote:
At 04:47 PM 11/22/00 -0800, Bram Cohen wrote:
Once again, the solution to the problems of offline operation appears to be online operation.
And the annoying thing about this is that once we go to needing an online trusted third party to allow us to have secure communications, we may as well chuck the public key stuff and just use symmetric ciphers and the key exchange protocols worked out ten or fifteen years ago.
That isn't completely true - using public key protocols involves many fewer messages total, and allows for much more decentralized data access - we're using it for Mojo Nation for precisely those reasons, and it's made a fundamental difference in scalability. It isn't quite as revolutionary as one might expect though. PKI for contracts and treaties is also largely overhyped - those have long depended on agreements being widely distributed/notarized/timestamped for their reliability, and the law of contracts is all based on oral agreements. PKI just contributes a bit more evidence (and, apparently, not a crucial part) and making it be a 'legally binding signature' mostly has to do with the technical question of when an agreement goes from being negotiated to legally binding. Sending a piece of mail saying 'ok' can work just as well. -Bram Cohen