Identity-based public key cryptography

Wed, 19 Dec 2001 06:36:39 +0000

-----BEGIN PGP SIGNED MESSAGE-----

Ben Laurie wrote:
> Brian Gladman wrote:
> > I have not looked at this scheme but I would consider it a non-starter in
> > any situation where my security or safety depended on it if, as you suggest,
> > I have to obtain my private key (or keys) from one or more third parties.
> >
> > In this situation there is no effective guarantee that I am the only person
> > with access to these keys.
> 
> There's also the issue that if N is ever revealed (N being the public
> modulus), then _all_ private keys are immediately compromised.

It's the factorisation of N that is the master secret, not N itself.
(Makes no difference to your argument, though.)

> And, exactly how does basing PKC on identity help, anyway? It still
> leaves open the question of what my identity is and how that is verified
> - seems to me that the problem has simply been pushed from binding the
> key to a trusted identity to verifying the trusted identity - no
> improvement in verifiability or management, but a massive retrograde
> step in security.
> 
> All in all, this sounds like a very poor design.

- -- 
David Hopwood <david.hopwood@zetnet.co.uk>

Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip