CDR: Re: Public Key Infrastructure: An Artifact...
Jim Choate
ravage at ssz.com
Thu Nov 16 19:41:46 PST 2000
On Thu, 16 Nov 2000, Greg Broiles wrote:
> The quoted text isn't mine - but, to further expand on Mac's comments,
> it's not even necessary that the offeror's identity be clear to potential
> acceptors.
The reality is that, other than for emotional reasons, there is no real
requirement that the purchaser and the provider have any relationship
other than anonymous.
The real problem is in guaranteeing to all parties that the binding
between the key and the 'owner' be absolutely air tight. Unfortunately
this is the one aspect that has received the least attention. It is the
primary problem with key management other than scaling. If the relation
between owner and key is not strictly secure then problems arise.
Face to face (so much for anonymity to a third party) and trusted
intermediaries (which opens up traffic analysis and rubber hose attacks)
are clearly not sufficient. This is the reason I say the PGP style
web-of-trust is not effective.
How do you anonymously guarantee the binding between the two parties and
their respective keys, while remaining anonymous? Is it a requirement that
one or more parties have access to the (public) keys?
____________________________________________________________________
He is able who thinks he is able.
Buddha
The Armadillo Group ,::////;::-. James Choate
Austin, Tx /:'///// ``::>/|/ ravage at ssz.com
www.ssz.com .', |||| `/( e\ 512-451-7087
-====~~mm-'`-```-mm --'-
--------------------------------------------------------------------
More information about the cypherpunks-legacy
mailing list