
Eric_Verheul writes:
In our scheme any third party, which is probably never a TRP, can check equality of the session keys sent to the primary recipient (the TRP) and the second recipient (the real addressee), i.e. *without* needing secret

So could anyone anyway by asking the TRP. The TRP returns a Yes/No answer, without disclosing the session key.

Is your binding scheme motivated mainly by avoiding that workload on the TRP ? Or by the fact that everybody might prefer a different TRP ?

I suspect the scheme is incomplete anyway. After skimming the web page I see that the aim is to show the same session key has been encrypted under different ElGamal pubkeys. Now who's to say those pubkeys belong to anyone ? Or is this what is meant by "such as Margaret's identity" ? You'd list the ids of the TRPs and also prove that the pubkeys used were theirs .... ?

Now to the politics...

E__Allen_Smith writes:
Quite simply, you've invented a system that makes censorship more possible. As a scientist, I try to avoid areas that have such negative effects

The usual Big Problems for GAK
1) What's in it for the user ?
2) What happens when the Feds recover meaningless data ?

2 does not seem to be addressed except by proposing restrictions which Eric dismisses as follows:

Adam Back:
>system because their stated aims are untrue: they *do* want to outlaw
>non-escrowed encryption for domestic US traffic, and they *do* want to

Eric Verheul:
> Who is they, governments as a whole? If you simplify discussions in this
> way, I might as well say: "you guys only want to help criminals". I understand
> your fears, but don't exaggerate.

--
Peter Allan peter.allan@aeat.co.uk