From: Eric Verheul <everheul@NGI.NL>
Date: Wed, 16 Oct 1996 08:21:11 -0700 (PDT)
To: "'cypherpunks@toad.com>
Subject: AW: (Fwd) Binding cryptography - much work, little point ?
Message-ID: <01BBBB80.CB67B500@port11.ztm.pstn.rijnhaave.net>
MIME-Version: 1.0
Content-Type: text/plain


>peter.allan@aeat.co.uk (Peter M Allan) wrote:
>[skip]
>I suspect the scheme is incomplete anyway.  After skimming the web page I
>see that the aim is to show the same session key has been encrypted under
>different ElGamal pubkeys.  Now who's to say those pubkeys belong to anyone ?
>Or is this what is meant by "such as Margaret's identity" ?  You'd list the
>ids of the TRPs and also prove that the pubkeys used were theirs ....  ?
>
One can imagine that included in the certified key of a TRP is a statement
like "PKI-ROLE = Trusted Retrieval Party". As it is certified by a higher order (e.g. a root of the PKI) it can be verified. 

Eric