ietf-openpgp
Re: Plausible deniability (a feature to think about)

2005-09-22 09:28:42



On Thu, 22 Sep 2005 07:52:08 -0700 "Daniel A. Nagy" <nagydani(_at_)epointsystem(_dot_)org> wrote:

> Simply? How exactly do you suggest to share a common key so that the parties
> can be reassured that it's their shared secret?
>
>> many variations of this are possible;
>>
>> new signing subkeys, set to expire within hours of the message time,
>
> Again, how do you share them?

the sender generates the new keypair, and sends it signed and encrypted, to the receiver

it is neither more nor less trustworthy than the primary keys of the sender and receiver,
which could also conceivably be given to other parties,

>> split key systems with shares set to one, and split to only the
>> receiver and sender keys, etc.
>
> I haven't seen split key implementations either in OpenPGP compliant tools,
> though I know they are mentioned in RFC2440.

pgp has had them implemented since 6.x


a new type of pgp signature to deal with this issue was proposed by Ian Brown and Adam Back,
http://www.cs.ucl.ac.uk/staff/I.Brown/nts.htm

where the session key is signed, not the plaintext

(don't know if people want to explore this now, or wait until after
the rfc 2440 is finalized, and save it for a further update,

i would welcome this useful type of signature, as i imagine many users would )

vedaal
> --
> Daniel