RE: let's get rid of SRS

On Wed, 2004-05-19 at 17:08, Seth Goodman wrote:

This is a really good idea and has been kicked around a bit, though not much
in this forum.  I have some questions about such a PK scheme that perhaps
you can answer.  First, is it feasible to create multiple private keys that
can be validated by the same public key with reasonably strong security?  If
so, would it be possible when decrypting a signature to tell which private
key it was signed with?  The motivation for this would be to gain the
ability to do per-user validation without having to publish a separate
public key for every user.  Publishing per-user public keys would certainly
give a domain that capability, but it means publishing a list of valid local
addresses.  That is something most businesses would not be happy with.


Yes, this should be able to be accomplished with what is referred to as
a 'group signature' protocol, although it's not exactly like you mention
above; usually there is a set of corresponding public and private keys
for the group.  In this type of application the group would likely be
all the users (or a specific subset) of a given source domain.  Many
group signature protocols have some caveats that would need to be taken
into account however;  Many of these protocols require a trusted
arbitrator to generate/manage keys and/or actually do the signing, who's
role may be able to be played by a DNS server or MTA.  There are group
signature protocols however that do not require a trusted arbitrator. 
I'll see if I can look into this some more because I'm not all that
familiar with group signature protocols.

-- 
Dustin D. Trammell
Vulnerability Remediation Alchemist
Citadel Security Software, Inc.

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/spf-draft-200405.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com

signature.asc
Description: This is a digitally signed message part

<Prev in Thread]	Current Thread	[Next in Thread>
RE: let's get rid of SRS, (continued) RE: let's get rid of SRS, Seth Goodman Re: let's get rid of SRS, Meng Weng Wong Re: let's get rid of SRS, Mark let's get rid of SRS, Roger Moser RE: let's get rid of SRS, Seth Goodman RE: let's get rid of SRS, Neil Brown let's get rid of SRS, Roger Moser RE: let's get rid of SRS, Tony Finch RE: let's get rid of SRS, Seth Goodman RE: let's get rid of SRS, Nigel Metheringham RE: let's get rid of SRS, Dustin D. Trammell <= Re: let's get rid of SRS, Theo Schlossnagle Re: let's get rid of SRS, Daniel Taylor Re: let's get rid of SRS, Nico Kadel-Garcia let's get rid of SRS, Roger Moser Re: let's get rid of SRS, wayne Re: let's get rid of SRS, Meng Weng Wong SV: let's get rid of SRS, Lars Dybdahl RE: let's get rid of SRS, Shaun Bryant Re: let's get rid of SRS, Greg Wooledge let's get rid of SRS, Roger Moser