1994-12-05 - Re: making public keys public
Header Data
From: “L. McCarthy” <lmccarth@ducie.cs.umass.edu>
To: cypherpunks@toad.com
Message Hash: 71555e79f4f948107fc0f1c87d83ad3d450075fd3ea31097f14add6c6b4f1372
Message ID: <199412051051.FAA01191@bb.hks.net>
Reply To: N/A
UTC Datetime: 1994-12-05 10:47:14 UTC
Raw Date: Mon, 5 Dec 94 02:47:14 PST
Raw message
From: "L. McCarthy" <lmccarth@ducie.cs.umass.edu>
Date: Mon, 5 Dec 94 02:47:14 PST
To: cypherpunks@toad.com
Subject: Re: making public keys public
Message-ID: <199412051051.FAA01191@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
- -----BEGIN PGP SIGNED MESSAGE-----
Eric Hughes writes:
> > If you're not going to make the public key public, why use public key
> > cryptography at all ? Save time and effort and use a symmetric cipher.
>
> You can't do authentication with a shared secret key, because there's
> nothing to differentiate the two sides of the link.
Is it really important to distinguish the two sides ? The additional threat
is that an attacker could spoof my correspondent to me, once she's grabbed my
secret key. But a) I thought we were assuming that other people being spoofed
is _their_ problem, not ours, and b) if she's nabbed my key, odds are she's
hacked my account anyway, leaving me with much larger problems.
> In addition, a closely held public key might be held by 10 people;
Hmm, `closely-held' suggests that the `public' key is being passed around
as a secret over some channels, in which case it might as well be
a secret key being passed around over those channels to the 10 people.
> with secret keys there are 90 different private keys instances to
> manage.
Wouldn't there only be 45 ? I agree that this is quite a few, but it's a
reasonable tradeoff between disk space and processing speed unless you're
communicating with a large number of people.
- - -L. Futplex McCarthy; PGP key by finger or server "We've got computers,
we're tapping phone lines; I know that that ain't allowed" --Talking Heads
- -----BEGIN PGP SIGNATURE-----
Version: 2.6.1
iQCVAwUBLuLvdWf7YYibNzjpAQG0GQP9FIJkCLF4XbZEoydrVfCnHg32FGL5EQ1A
2286GqvVQuy6hwtqV888TOZmLkQpMjrmq+paTQpozu5s8L4z/L9WZbbyk0C/alMv
faTwpUe1neSStR3KbrxK0BuP70OBKBbdZZfHI/t4Kn8jTimeBA/IG2Iou/8gecX2
g8d0otexmwI=
=FtUZ
- -----END PGP SIGNATURE-----
- ---
[This message has been signed by an auto-signing service. A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service
iQBFAwUBLuLwpyoZzwIn1bdtAQFUfgGAsdDHynQfWLxX+cmCz9vxkzwQ0sIikuVG
XCp0rwhl/C1P1HXBF2Xk135HXa7RO6kC
=OnyQ
-----END PGP SIGNATURE-----
Thread
Return to December 1994
Return to ““L. McCarthy” <lmccarth@ducie.cs.umass.edu>”
1994-12-05 (Mon, 5 Dec 94 02:47:14 PST) - Re: making public keys public - “L. McCarthy” <lmccarth@ducie.cs.umass.edu>