From: Carl Ellison <cme@ACM.ORG>
To: frantz@netcom.com (Bill Frantz)
Message Hash: 293ad8c57f36c6b586ae99610564efbdad9e3f54c0a43610de9d4b05f376c364
Message ID: <v03006602add10d52d5cf@[168.143.8.144]>
Reply To: <199605280545.WAA04738@comsec.com>
UTC Datetime: 1996-05-29 01:36:28 UTC
Raw Date: Wed, 29 May 1996 09:36:28 +0800
From: Carl Ellison <cme@ACM.ORG>
Date: Wed, 29 May 1996 09:36:28 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: Clipper III analysis
In-Reply-To: <199605280545.WAA04738@comsec.com>
Message-ID: <v03006602add10d52d5cf@[168.143.8.144]>
MIME-Version: 1.0
Content-Type: text/plain
There were a number of flaws in that paper, but perhaps the most glaring to
me is that there are actually 3 classes of key:
the two you mentioned:
communications key
storage key
and
signature key
Of these, you want key recovery *only* for storage keys. You want to make
sure no one can get to your signature key. Even the IWG paper notes that.
But the only use for a PKI of any form is for a signature key. Once you
have your identity established somehow for a signature key, you can
generate and sign comm or storage keys at will. Furthermore, if you lose a
signature key, there's no big loss. You generate a new one and get a new
cert for it. So there's *NEVER* a reason for key recovery for a signature
key -- the only keys for which there is a need for a PKI.
I find myself wondering.
Did some very clever crypto-theoretician plant this idea in their heads
(sig key database giving GAK) knowing that the structure had termites?
I first heard this from Micali...and here I always thought he was on their
side. I may have misjudged the man. :)
- Carl
+------------------------------------------------------------------------+
|Carl M. Ellison cme@acm.org http://www.clark.net/pub/cme |
|PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2|
| "Officer, officer, arrest that man! He's whistling a dirty song." |
+-------------------------------------------- Jean Ellison (aka Mother) -+
Return to May 1996
Return to “Carl Ellison <cme@ACM.ORG>”
Unknown thread root