[Pine-info] getross - email privacy /security of system

Ryan Barrett pine-info at ryanb.org
Sun Nov 5 12:59:16 PST 2006

Previous message: [Pine-info] getross - email privacy /security of system
Next message: [Pine-info] getross - email privacy /security of system
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 5 Nov 2006, Andrej Lajovic wrote:

> If so, where does the private key come from? If they generate it themselves,

> it must be somehow derived from their e-mail address. What prevents an

> interceptor to do the same? As far as I know, asymmetric cryptography is

heh, good point. i'd omitted the details. :P basically, private keys are
generated by a central authority, akin to a CA, using a master key.

of course, like anyone, my radar goes off at the idea of centralized key
escrow. however, in the stanford system, the CA and the master key are
distributed, so no rogue entity (or group) can generate private keys for email
addresses they don't own.

other proposals claim to not need a CA at all, but i don't know how they work.

for the record, i'm definitely not a crypto expert. i'll probably have to
redirect any further questions to the summary and the paper itself:

http://crypto.stanford.edu/ibe/#technical
http://crypto.stanford.edu/~dabo/abstracts/ibe.html

-Ryan

--
http://snarfed.org/

Previous message: [Pine-info] getross - email privacy /security of system
Next message: [Pine-info] getross - email privacy /security of system
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Pine-info mailing list