Identity-based public key cryptography

M Taylor mctylr at privacy.nb.ca
Wed, 19 Dec 2001 14:49:51 +0000


On Wed, Dec 19, 2001 at 02:13:29PM +0000, Adrian Midgley wrote:
> MHG?

I meant HMG.
 
> > ... not allowing open access to experts to examine *and criticize*
> > the technology, the NDA agreement waives this ability, making it a
> > waste of time for me to examine the details since if I find a
> > weakness I cannot fulfill my ethical responsibility to notify the public
> > using or considering using the system of the discovered weakness.
> 
> That is really very poor of them.

Yes, and unacceptable. 

As I said, it appears to be a ploy feeding from the difficulty of 
civilian government deploying PKI as mandated or recommended by the
e-Envoy, to end up deploying an unsuitable system which reduces
accountability and only raises the bar slightly against abuse and
allows serious abuse of the system which is hard to detect if it is
compromised.

I'm confused as to how the CESG propose ID-PKC as an alternative
to PKI if it does not deal with signatures / identities, and yet 
I've heard from their own staff of it being "sold" as that.

When will people learn that agencies like the NSA, GCHQ/CESG, and CSE
are not used to playing by the same rules that the rest of us (civilised
types) play by? They are spy agencies with deeply ingrained cultural
differences. While I am confident that there are some well-intended
individuals within the INFOSEC programmes, they are not used to working
within the framework of transparency and accountability that civilian
governments are expected to comply with in this day and age.

-M Taylor