Identity-based public key cryptography
M J D Brown
mjdb at dorevale.demon.co.uk
Sun, 23 Dec 2001 19:21:16 +0000 (GMT)
On Mon 17 Dec, Peter Fairbrother wrote:
> This is all possible, but like you I have reservations about anything from
> CESG. I tried to get the source code but they require an NDA which I won't
> agree to - I couldn't criticise it.
>
> The splitting of the CA is contentious, and there is a (split?) secret that
> if revealed would compromise _every_ key. Anyone can request a private key
> from the CA and it will be sent to the identity inherent in the key, so
> identity theft/spoofing is a problem, never mind the secure transfer of the
> private key - a MITM attack is possible. Key revocation is a nightmare too.
I think that we may be collectively misinterpreting the semantics of Public
Key in this context. I have just returned from the IMA Cryptography and
Coding Conference at Cirencester at which Clifford Cocks gave a lucid talk
on this topic. Its intended application would appear to fit best in an
environment where there is an organisational structure linking the various
participants and the CA represents some level of command. I do not think
that it addresses the Joe Soap Public environment where nobody, rightly,
acknowledges fealty towards a higher authority.
It is a debatable question, however, into which category an NHS application
belongs. Whilst it is true that individual medical practitioners enjoy a
professional independence, I would argue that they are no more than trustees
of their portions of the overall database. As a user of the NHS I would not
like to think that my records were no safer in their integrity than the
dubious reliability of a typical office PC installation with its customary
cavalier approach to taking daily off-site backups. Candidly, having seen
the way in which paper records are typically handled in GP offices, I am
not over bothered by the confidentiality aspect of their computer storage.
[other good technical discussion points omitted]
Mike.
--
M J D Brown: 2 Carters Close, Bretton, Peterborough PE3 9AW, England