From: wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Wed, 2 Mar 94 16:25:51 PST
To: ao27+@andrew.cmu.edu
Subject: Re: Increasing the encrypted/unencrypted ratio (was Re: Insecurity of public key crypto #1 (reply to Mandl))
Message-ID: <9403030024.AA01382@anchor.ho.att.com>
MIME-Version: 1.0
Content-Type: text/plain


> [List could use a PGP key where everybody shares the private key?]

No point.  First of all, anything that everybody on the list has isn't
going to be a secret anyway; it'd get out, and who knows how
many of the subscribers are really spooks anyhow.

Second, the reason for using public-key systems is so you don't have to
distribute secret information - if you're going to do that anyway
you might as well distribute the secret key for a symmetric-key algorithm,
such as "pgp -c".

Third, the newer PGP versions can handle multiple recipients (unless I'm
mixing it up with the plans for the next version?), so you can have
the message encrypted once with one secret key, and N versions of
the secret key (+a random string) encrypted with user i's public key.