[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SPKI signing keys only

To: spki@c2.net
Subject: Re: SPKI signing keys only
From: Bill Frantz <frantz@netcom.com>
Date: Thu, 26 Jun 1997 21:30:08 -0700
In-Reply-To: <199706262148.QAA13087@entropy.sbc.com>
Sender: owner-spki@c2.net

At 2:48 PM -0700 6/26/97, Brian M. Thomas wrote:
>Any other discussion?

I know of no technical way to prevent people from using signing keys for
encryption.  If it becomes legally required, then all signing applications
will have to be approved before sale.  Since the math for some crypto
operations is so simple, roll-your-own becomes simple and the requirement
is just so much FUD.  For example, consider Diffie Hellman key exchange.
We can eliminate the man in the middle by signing the data transferred as
part of the protocol.  We are just using the public/private key pairs for
signing, but anyone with a crypto library can use the signing to give
authenticated key exchange with perfect forward security.

Enforcing GAK is a political problem.  There is no technical solution.


-------------------------------------------------------------------------
Bill Frantz       | The Internet was designed  | Periwinkle -- Consulting
(408)356-8506     | to protect the free world  | 16345 Englewood Ave.
frantz@netcom.com | from hostile governments.  | Los Gatos, CA 95032, USA

References:

Re: SPKI signing keys only

From: "Brian M. Thomas" <bt0008@entropy.sbc.com>

Prev by Date: Re: boy am I sorry I raised the question
Next by Date: Re: legal question about certs
Prev by thread: Re: SPKI signing keys only
Next by thread: Re: SPKI signing keys only
Index(es):
- Main
- Thread