Binding cryptography - much work, little point ?

Peter M Allan peter.allan at aeat.co.uk
Fri Oct 11 05:23:55 PDT 1996




Eric_Verheul writes:

> In our scheme any third party, which is probably never a TRP, can check
> equality of the session keys sent to the primary recipient (the TRP) and
> the second recipient (the real addressee), i.e. *without* needing secret

So could anyone anyway by asking the TRP.  The TRP returns a Yes/No
answer, without disclosing the session key.  Is your binding scheme motivated mainly
by avoiding that workload on the TRP ?  Or by the fact that everybody might
prefer a different TRP ?

I suspect the scheme is incomplete anyway.  After skimming the web page I
see that the aim is to show the same session key has been encrypted under
different ElGamal pubkeys.  Now who's to say those pubkeys belong to anyone ?
Or is this what is meant by "such as Margaret's identity" ?  You'd list the
ids of the TRPs and also prove that the pubkeys used were theirs ....  ?


Now to the politics...

E__Allen_Smith writes:

> Quite simply, you've invented a system that makes censorship more
> possible. As a scientist, I try to avoid areas that have such negative
> effects

The usual Big Problems for GAK 

  1)  What's in it for the user ?
  2)  What happens when the Feds recover meaningless data ?

2 does not seem to be addressed except by proposing restrictions
which Eric dismisses as follows:

Adam Back:
    >system because their stated aims are untrue: they *do* want to outlaw
    >non-escrowed encryption for domestic US traffic, and they *do* want to


Eric Verheul:
    > Who is they, governments as a whole? If you simplify discussions in this
    > way, I might as well say: "you guys only want to help criminals". I understand
    > your fears, but don't exaggerate.


 -- Peter Allan    peter.allan at aeat.co.uk
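
An added illustration, not part of the original post and not the binding scheme under discussion: a generic same-nonce ElGamal equality proof (Chaum-Pedersen style, assumed here as a stand-in) over a constructed toy group. It shows the public check passing without any secret key, and passing just as well when the first public key has no identified owner, which is the gap the post asks about. All names and parameters are hypothetical.

```python
import hashlib, secrets

# Toy safe-prime group, constructed for readability; far too small for real use.
P, Q, G = 2039, 1019, 4          # P = 2Q + 1, G generates the order-Q subgroup

def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def _challenge(*vals):
    data = b"|".join(str(v).encode() for v in vals)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def encrypt_bound(s, y1, y2):
    """ElGamal-encrypt s to y1 and y2 with one nonce k, plus an equality proof."""
    k = secrets.randbelow(Q - 1) + 1
    c = pow(G, k, P)
    r1, r2 = s * pow(y1, k, P) % P, s * pow(y2, k, P) % P
    h = y1 * pow(y2, -1, P) % P          # r1/r2 == h^k iff both carry the same s
    w = secrets.randbelow(Q)
    a, b = pow(G, w, P), pow(h, w, P)
    e = _challenge(c, y1, y2, r1, r2, a, b)
    return c, r1, r2, (a, b, (w + e * k) % Q)

def verify_binding(c, r1, r2, y1, y2, proof):
    """Public check: uses no private key and never learns s."""
    a, b, z = proof
    h = y1 * pow(y2, -1, P) % P
    d = r1 * pow(r2, -1, P) % P
    e = _challenge(c, y1, y2, r1, r2, a, b)
    return pow(G, z, P) == a * pow(c, e, P) % P and pow(h, z, P) == b * pow(d, e, P) % P

def decrypt(x, c, r):
    return r * pow(pow(c, x, P), -1, P) % P

def demo():
    s = pow(G, 77, P)                    # session key encoded as a group element
    x_trp, y_trp = keygen()
    x_bob, y_bob = keygen()
    c, r1, r2, prf = encrypt_bound(s, y_trp, y_bob)
    honest = verify_binding(c, r1, r2, y_trp, y_bob, prf)
    same = decrypt(x_trp, c, r1) == decrypt(x_bob, c, r2) == s
    # A "TRP" key with no identified owner: just some subgroup element.
    y_nobody = pow(1234, 2, P)
    c2, q1, q2, prf2 = encrypt_bound(s, y_nobody, y_bob)
    unowned = verify_binding(c2, q1, q2, y_nobody, y_bob, prf2)
    return honest, same, unowned         # the proof binds ciphertexts, not identities

if __name__ == "__main__":
    print(demo())
```

With a group this small a tampered ciphertext still passes about once in Q tries; a real deployment would use a standard large group and authenticated public keys.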
