Theo Schlossnagle wrote:
On May 20, 2004, at 12:38 PM, Dustin D. Trammell wrote:
role may be able to be played by a DNS server or MTA. There are group
signature protocols however that do not require a trusted arbitrator.
I'll see if I can look into this some more because I'm not all that
familiar with group signature protocols.
Group signatures are based on group keys. Group keys negotiated without
an arbitrator are called "collaborative group key exchanges."
Check out Cliques[1]. I think it was developed over at ISI. A bunch of
very smart guys have been working on these problems[2] for years with
good success[3].
[1] http://sconce.ics.uci.edu/cliques/
[2] G. Ateniese, O. Chevassut, D. Hasse, Y. Kim and G. Tsudik, "Design
of a group key agreement api," in DARPA Information Security Conference
and Exposition (DISCEX 2000)
[3] Amir, Ateniese, Hasse, Kim, Nita-Rotaru, Schlossnagle, Schultz,
Stanton, Tsudik, "Secure Group communication in Asynchronous Networks
with Failures: Integration and Experiments," in ICDCS 2000
Too complicated. People won't do it, therefore it won't work.
PGP signing and encryption is already an effective way of verifying
the source (and content!) of an e-mail. How many people on this list
have the capability of using it _right_now_ and aren't? Note that
anyone who cares enough to be subscribed to this list is more
interested in solutions to e-mail authentication than most people.
Any solution more complicated to implement than PGP is therefore
not a particularly likely solution.
--
Daniel Taylor VP Operations Vocal Laboratories, Inc.
dtaylor(_at_)vocalabs(_dot_)com http://www.vocalabs.com/
(952)941-6580x203