POTP gets good press
The Sun Observer -- "An Independent Journal Devoted to the Sun and Compatible Markets" -- ran an article in the Feb 96 issue entitled "New technology eliminates need for keys to encrypt e-mail messages".

Byline: Bob Harvey.

About the author: "Bob Harvey is vice president of the Internet Security Corp., a Lexington, Mass.-based network security solutions provider."

Content: includes diagrams entitled "Link Level Encryption" in which sender transmits keys to receiver, and "Packet Level Encryption" in which sender transmits keys to certificate authority which transmits them to multiple receivers, and "Synchronized Random Key Generation (SRKG)" a la "Power One Time Pad" in which no keys are transmitted and multiple receivers magically decipher messages via built-in encryption devices.

Am I right in thinking this is utter unmitigated bullsh snake oil? Does anybody have any other dirt on this Bob Harvey guy and his Internet Security Corp? What is his relationship with the POTP folks? An Alta Vista search revealed several Bob Harveys, but none who matched with "Internet Security".

I'm Cc'ing this to the editor in chief of The Sun Observer. If he doesn't know about the cypherpunks he might want to request some explanation...

Regards,

Bryce

"Toys, Tools and Technologies" the Niche
New Signal Consulting -- C++, Java, HTML, Ecash
Bryce
Bryce writes:
The Sun Observer -- "An Independent Journal Devoted to the Sun and Compatible Markets" -- ran an article in the Feb 96 issue entitled "New technology eliminates need for keys to encrypt e-mail messages". [...]
Am I right in thinking this is utter unmitigated bullsh snake oil?

Probably. Almost all such claims end up being crap. I haven't seen the article yet so I can't say for sure, but 99% of the time these companies have no idea what they are doing and feed the gullible lines of utter bull. I don't know how so many of them survive in the market.

Perry
On Wed, 7 Feb 1996, Bryce wrote:
Content: includes diagrams entitled "Link Level Encryption" in which sender transmits keys to receiver, and "Packet Level Encryption" in which sender transmits keys to certificate authority which transmits them to multiple receivers, and "Synchronized Random Key Generation (SRKG)"
Am I right in thinking this is utter unmitigated bullsh snake oil? Does anybody have any other
It could be doing something SKIP-like; if the certificates are DH certs, it could be using those to generate a shared secret, and combining that with an IV to generate a key. Hard to tell from the article.

Simon

I, Bryce, wrote:
Content: includes diagrams entitled "Link Level Encryption" in which sender transmits keys to receiver, and "Packet Level Encryption" in which sender transmits keys to certificate authority which transmits them to multiple receivers, and "Synchronized Random Key Generation (SRKG)" a la "Power One Time Pad" in which no keys are transmitted and multiple receivers magically decipher messages via built-in encryption devices.
Am I right in thinking this is utter unmitigated bullsh snake oil? Does anybody have any other
An entity calling itself "Simon Spero <ses@tipper.oit.unc.edu>" is alleged to have written:
It could be doing something SKIP-like; if the certificates are DH certs, it could be using those to generate a shared secret, and combining that with an IV to generate a key.
Hard to tell from the article.

But this would entail a certificate authority to prevent MITM attack, right? The article clearly claimed that POTP did away with the necessity of key management completely-- a claim that I find only slightly more believable than a patent application for a perpetual motion machine.

Regards,

Bryce

"Toys, Tools and Technologies" the Niche
New Signal Consulting -- C++, Java, HTML, Ecash
Bryce
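Added illustration, not part of the thread and not a description of how POTP or SKIP actually works: a toy static Diffie-Hellman sketch of the scheme Simon describes (shared secret combined with an IV to make a per-message key) and of Bryce's objection that the public values still have to be authenticated. The group parameters, function names and the hash-based key derivation are assumptions chosen for the sketch.

```python
import hashlib
import secrets

# Toy group, constructed for illustration only; far too small for real use.
P = 2**127 - 1  # a Mersenne prime
G = 3


def keypair():
    """Long-term DH key: private exponent x and public value G^x mod P."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)


def message_key(my_private, peer_public, iv):
    """Per-message key = SHA-256(static DH shared secret || IV)."""
    shared = pow(peer_public, my_private, P)
    return hashlib.sha256(shared.to_bytes(16, "big") + iv).digest()


def demo():
    a_priv, a_pub = keypair()      # sender
    b_priv, b_pub = keypair()      # intended receiver
    m_priv, m_pub = keypair()      # party able to alter an unauthenticated lookup
    iv = secrets.token_bytes(16)   # travels in the clear with the message

    # Authentic public values: both ends derive the same key and no key
    # material is transmitted per message.
    honest = message_key(a_priv, b_pub, iv) == message_key(b_priv, a_pub, iv)

    # Unauthenticated lookup: the sender is handed m_pub in place of b_pub.
    sender_key = message_key(a_priv, m_pub, iv)
    third_party_reads = sender_key == message_key(m_priv, a_pub, iv)
    receiver_reads = sender_key == message_key(b_priv, a_pub, iv)
    return honest, third_party_reads, receiver_reads


if __name__ == "__main__":
    print(demo())
```

The "no keys transmitted" property holds only once each side already has a trustworthy copy of the other's public value, which is the key-management step a certificate authority provides.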
On Wed, 7 Feb 1996, Bryce wrote: [original message]
I, Bryce, wrote: ...
certificate authority which transmits them to multiple ... [reply to my reply] But this would entail a certificate authority to prevent MITM attack, right? The article clearly claimed that POTP
I guess I ought to try and find the article; I took this line in your message to suggest that there was such a CA. Could you possibly type in the relevant bit of the original article (though I suspect there's not much in there anyway)
An entity calling itself "Simon Spero <ses@tipper.oit.unc.edu>" is alleged to have written:
I guess I ought to try and find the article; I took this line in your message to suggest that there was such a CA. Could you possibly type in the relevant bit of the original article (though I suspect there's not much in there anyway)
Sorry. Here's what I originally said:
Content: includes diagrams entitled "Link Level Encryption" in which sender transmits keys to receiver, and "Packet Level Encryption" in which sender transmits keys to certificate authority which transmits them to multiple receivers, and "Synchronized Random Key Generation (SRKG)" a la "Power One Time Pad" in which no keys are transmitted and multiple receivers magically decipher messages via built-in encryption devices.

And here's what I meant:

The central theme of the article, from a 'technical' point of view, was that in the past there have been two kinds of encryption in use, which the author calls "Link Level Encryption", in which the sender transmits his key to the receiver, and "Packet Level Encryption", in which the sender transmits his key to a certificate authority which transmits them to multiple receivers.

Now for starters the network layer is really independent of key-distribution schemes, as far as I can see. So I don't know why the diagrams showing the two schemes (sender->recipient vs. certificate authority) are labelled "Link Level" and "Packet Level".

But we haven't even gotten to the good stuff: "Synchronized Random Key Generation", which shows a single sender and multiple recipients transmitting securely *without* having to do any key management! Yee haw! 100% pure unrefined snake oil.

Okay I think I've made my point to the Editor In Chief on the industry rag in question. Hopefully they'll be conscientious enough to print a retraction, or perhaps run an article about the hazards of snake oil in the info security industry. :-)

Bryce

"Toys, Tools and Technologies" the Niche
New Signal Consulting -- C++, Java, HTML, Ecash
Bryce
bryce@colorado.edu sez:
"Synchronized Random Key Generation", which shows a single sender and multiple recipients transmitting securely *without* having to do any key management! Yee haw!
You mean you don't have this capability? Gee, I've had this for months, ever since the mother ship^H^H^H^Hmy mother gave me the proprietary program. *sigh*

Cypherpunks teach. I think we'd better brace for this, cuz most of the important code is already written. (PGP 3.0 and PGP stealth people, this doesn't apply, and definitely any end-to-end stuff is needed)

Unfortunately, you can't set up a CGI counter to tick off the number of times encryption saved your data, not to mention your butt, but it would sure make good PR if you could.

Don
participants (5)
- Bryce
- Bryce
- Don
- Perry E. Metzger
- Simon Spero