[Pine-info] getross - email privacy /security of system
pine-info at ryanb.org
Sun Nov 5 12:59:16 PST 2006
On Sun, 5 Nov 2006, Andrej Lajovic wrote:
> If so, where does the private key come from? If they generate it themselves,
> it must be somehow derived from their e-mail address. What prevents an
> interceptor to do the same? As far as I know, asymmetric cryptography is
heh, good point. i'd omitted the details. :P basically, private keys are
generated by a central authority, akin to a CA, using a master key.
of course, like anyone, my radar goes off at the idea of centralized key
escrow. however, in the stanford system, the CA and the master key are
distributed, so no rogue entity (or group) can generate private keys for email
addresses they don't own.
other proposals claim to not need a CA at all, but i don't know how they work.
for the record, i'm definitely not a crypto expert. i'll probably have to
redirect any further questions to the summary and the paper itself:
More information about the Pine-info