The big problem with transparent encryption and signatures is key distribution: if you've never sent a letter to me, your mailer will have to get my key (invisibly) before the mail can be sent. The big problem with key distribution is the web of trust: who gets to decide which keys are good? .... If I have never sent you mail, consider how I got your e-mail address? You could have sent your public key to me along with your e-mail address. If your public key is too big you could include a phoneticized secure hash of your public key and I could check big brother (the CA). I suspect that initial bits of a public key serve pretty well as a secure hash. Perhaps all email addresses should be accompanied by such a hash. The more initial bits
At 1:34 AM 11/28/94, Alex Strasheim wrote: .... the harder to find a fake public key with sutiable mathematical properties and initial bits that agree with your real pulic key. If an email address and its associated PK are sent thru unauthenticated channels a man in the middle can substitute the PK. In the same situation, however, the man in the middle can substitute the email address! ....