If you want to access my private mail, which is sent to me with
a public-key cryptography scheme, you will have to find out my
pair-key.
Which of these options would you prefer:
1. Having my mail & my public key.
2. Having my mail.
The two are essentially equivalent in computational cost. That's part of the
point of public key cryptography.
In this case, it's not hard to believe that the main delegation
will create a pair key, to use in communications that need top
security. The public key would be delivered in "hand" to the
delegations. It's fair to believe that the public key will only
be available to people the enterprise trusts (probably, those who
have access to top security information).
I cannot imagine anyone, least of all a government, using such a scheme in
preference to traditional secret-key cryptography. Why would they?
It may not be a "stated goal of this standard", but that isn't a reason
to stop discussing it.
It's a reason not to let discussion of it hold up our current action items
(namely, promoting the current MIME/PEM proposal).
Amanda Walker
InterCon Systems Corporation
PGP Key fingerprint: 594F63C03B52DC4E37E9160DE733CD87
PEM MD5OfPublicKey: 8E4A21B7025943DE2EDC7CC038B3D6B1