From: frantz@netcom.com (Bill Frantz)
To: “Matt Smith” <cypherpunks@toad.com
Message Hash: 2127c778cc5aeb9531a3f91ab864c6bd3cbc6159d9ea495f68436f15ceff6843
Message ID: <199605151800.LAA02200@netcom8.netcom.com>
Reply To: N/A
UTC Datetime: 1996-05-16 03:23:13 UTC
Raw Date: Thu, 16 May 1996 11:23:13 +0800
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 16 May 1996 11:23:13 +0800
To: "Matt Smith" <cypherpunks@toad.com
Subject: Re: distributed keys
Message-ID: <199605151800.LAA02200@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain
At 8:47 AM 5/15/96 -0600, Matt Smith wrote:
>Has anyone heard of an algorithm for managing keys automatically in a
>distributed system?
>
>For instance, if some low level security were to be implemented in a
>a networking stack where authentication was to be implemented, you would want
>to have each node have it's own signature so that signature checking can
>take place when one node connects to another node. The trick is then
>getting every node's keys distributed to every other node.
>
>...
>
(4) Have a machine responsible for generating the public-private keys for
each node. It has its own public-private key pair. It uses it's private
key to sign each node's public key. Every node gets three keys: it's
public and private keys, and the public key generating machine.
When nodes make contact they exchange signed public keys and verify the
signature of their partner's key with the public key of the generating
machine.
This is a simple certificate hierarchy scheme as seen in SET, the US Post
Office CA system, and VeriSign. Note that the generating machine does not
need to be on any network. In fact, it could spend most of its time locked
up in a safe since it is only needed when generating new keys.
------------------------------------------------------------------------
Bill Frantz | The CDA means | Periwinkle -- Computer Consulting
(408)356-8506 | lost jobs and | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA
Return to May 1996
Return to “frantz@netcom.com (Bill Frantz)”
1996-05-16 (Thu, 16 May 1996 11:23:13 +0800) - Re: distributed keys - frantz@netcom.com (Bill Frantz)