[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SPKI signing keys only

At 2:48 PM -0700 6/26/97, Brian M. Thomas wrote:
>Any other discussion?

I know of no technical way to prevent people from using signing keys for
encryption.  If it becomes legally required, then all signing applications
will have to be approved before sale.  Since the math for some crypto
operations is so simple, roll-your-own becomes simple and the requirement
is just so much FUD.  For example, consider Diffie Hellman key exchange.
We can eliminate the man in the middle by signing the data transferred as
part of the protocol.  We are just using the public/private key pairs for
signing, but anyone with a crypto library can use the signing to give
authenticated key exchange with perfect forward security.

Enforcing GAK is a political problem.  There is no technical solution.

Bill Frantz       | The Internet was designed  | Periwinkle -- Consulting
(408)356-8506     | to protect the free world  | 16345 Englewood Ave.
frantz@netcom.com | from hostile governments.  | Los Gatos, CA 95032, USA