On Thu, 16 Nov 2000, Greg Broiles wrote:
> The quoted text isn't mine - but, to further expand on Mac's comments, it's not even necessary that the offeror's identity be clear to potential acceptors.

The reality is that, other than for emotional reasons, there is no real requirement that the purchaser and the provider have any relationship other than anonymous. The real problem is in guaranteeing to all parties that the binding between the key and the 'owner' be absolutely air tight. Unfortunately this is the one aspect that has received the least attention. It is the primary problem with key management other than scaling. If the relation between owner and key is not strictly secure then problems arise. Face to face (so much for anonymity to a third party) and trusted intermediaries (which opens up traffic analysis and rubber hose attacks) are clearly not sufficient. This is the reason I say the PGP style web-of-trust is not effective.

How do you anonymously guarantee the binding between the two parties and their respective keys, while remaining anonymous? Is it a requirement that one or more parties have access to the (public) keys?

____________________________________________________________________

He is able who thinks he is able.
    Buddha

The Armadillo Group
James Choate
Austin, Tx
ravage@ssz.com
www.ssz.com
512-451-7087
--------------------------------------------------------------------