-----BEGIN PGP SIGNED MESSAGE----- - -----BEGIN PGP SIGNED MESSAGE----- Eric Hughes writes:

...

If you're not going to make the public key public, why use public key cryptography at all ? Save time and effort and use a symmetric cipher.

You can't do authentication with a shared secret key, because there's nothing to differentiate the two sides of the link.

Is it really important to distinguish the two sides ? The additional threat is that an attacker could spoof my correspondent to me, once she's grabbed my secret key. But a) I thought we were assuming that other people being spoofed is _their_ problem, not ours, and b) if she's nabbed my key, odds are she's hacked my account anyway, leaving me with much larger problems.

In addition, a closely held public key might be held by 10 people;

Hmm, `closely-held' suggests that the `public' key is being passed around as a secret over some channels, in which case it might as well be a secret key being passed around over those channels to the 10 people.

with secret keys there are 90 different private keys instances to manage.

Wouldn't there only be 45 ? I agree that this is quite a few, but it's a reasonable tradeoff between disk space and processing speed unless you're communicating with a large number of people. - - -L. Futplex McCarthy; PGP key by finger or server "We've got computers, we're tapping phone lines; I know that that ain't allowed" --Talking Heads - -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBLuLvdWf7YYibNzjpAQG0GQP9FIJkCLF4XbZEoydrVfCnHg32FGL5EQ1A 2286GqvVQuy6hwtqV888TOZmLkQpMjrmq+paTQpozu5s8L4z/L9WZbbyk0C/alMv faTwpUe1neSStR3KbrxK0BuP70OBKBbdZZfHI/t4Kn8jTimeBA/IG2Iou/8gecX2 g8d0otexmwI= =FtUZ - -----END PGP SIGNATURE----- - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLuLwpyoZzwIn1bdtAQFUfgGAsdDHynQfWLxX+cmCz9vxkzwQ0sIikuVG XCp0rwhl/C1P1HXBF2Xk135HXa7RO6kC =OnyQ -----END PGP SIGNATURE-----