Re: which version of certificate (was: Key selectors)

1995-01-17 18:08:00
This morning I was trying to think of some socially redeeming uses :-) 
of a bare key, and I thought of one possible example.

The general class of such uses is basically cases where you want to avoid non-
repudiation.  This may sound like a non sequitur, but there are a great many 
times when you want secure, authenticated communication but do not want the 
messages themselves to be self-authenticating.  Your abortion doctor scenario 
is one example; there are less contrived ones I can think of, though.

Let us say that you sign an NDA with us, under which we will provide you with 
confidential technical information.  To save on FedEx costs, we want to do 
this in email.  To do so, we give you (via FedEx, courier, or some other 
delivery vehicle) a public key which we assert will be used for communications
under the aegis of that NDA.  This allows you to decrypt and authenticate 
email from us, without allowing you to leak it to MacWeek in a way that lets
*them* also authenticate the source.  They can claim it to the same degree 
they can today, but they can't present information that is unambiguously 
signed by us.  In short, it provides confidentiality and authentication to 
particular parties while also providing repudiation (or at least plausible 
deniability :)) to third parties or observers.

Some manual operations will of course be necessary, since you are substituting
out of band mechanisms for automated certification, but at least a common 
representation lets software present a reasonable UI for such operations.

Amanda, I really like this example. As a subscriber to the Washington Post for
20 years before moving to Boston, I understand plausible deniability!

If I really wanted to continue this thread indefinitely, I would observe
that you could accomplish virtually the same thing with a Persona certificate.
But I won't. :-)


Robert R. Jueneman
GTE Laboratories
40 Sylvan Road
Waltham, MA 02254
FAX: 1-617-466-2603 
Voice: 1-617-466-2820
