From: Rick Osborne <osborne@gateway.grumman.com>
Date: Thu, 15 May 1997 03:33:37 +0800
To: cypherpunks mailing list <cypherpunks@algebra.com>
Subject: Re: Proxy Cryptography draft available
In-Reply-To: <3.0.1.32.19970514002854.0067f568@popd.ix.netcom.com>
Message-ID: <3.0.1.32.19970514152201.009b05f0@gateway.grumman.com>
MIME-Version: 1.0
Content-Type: text/plain


I had thought about this (proxy crypto) a few weeks ago as an attack.  I
didn't give it much thought, as I'm weak on the math side, and it seemed to
me that it couldn't have been an original idea.

What really worries me is that this proxy function links alot of stuff
together: it links algorithms, it links keys, etc.  If I develop a
supposedly strong system that has a proxy function for another strong
system, then essentially if mine gets broken the other does as well.  Or,
if I recover the key for one system, I can recover the original key from
another system.  The whole situation epitomises the old "A chain is only as
strong as its weakest link" adage.  From a security point of view, this
really doesn't encourage me to include the capability for proxy functions
in any system I should happen to make.  Am I missing something here?
_________ o s b o r n e @ g a t e w a y . g r u m m a n . c o m _________
"Everybody just butt out!  I'm not in love with her!  I'm Die Fledermaus!
 The only person that I'm in love with is me and I'm out of here!" -Die
Fledermaus trying to explain his actions.