On Thu, Sep 22, 2005 at 07:21:39AM -0700, vedaal(_at_)hush(_dot_)com wrote:
this can easily be accomplished now,
within the existing standard, and existing implementations:
any two correspondents,
can simply make a third keypair, with a third name,
and each have the public and private signing and encrypting keys,
Simply? How exactly do you suggest to share a common key so that the parties
can be reassured that it's their shared secret?
anything signed with the third key, authenticates only to the
correspondents
where the receiver knows that the sender signed it,
but cannot be proved to any third party,
other than the fact that any possessor of the signing key, signed
it.
Actually, once you share some secret, you don't need to use asymmetric
crypto anymore. A message with MDC encrypted with a shared symmetric key has
all the necessary reassurances. Sharing the secret is the tricky part.
many variations of this are possible;
new signing subkeys, set to expire within hours of the message
time,
Again, how do you share them?
split key systems with shares set to one, and split to only the
receiver and sender keys, etc.
I haven't seen split key implementations either in OpenPGP compliant tools,
though I know they are mentioned in RFC2440.
--
Daniel