[Security] GSoC proposal: Identity-based end-to-end encryption for XMPP

Eric Rescorla ekr at rtfm.com
Tue Mar 15 08:47:27 CST 2011


On Tue, Mar 15, 2011 at 7:14 AM, David Núñez <dnunez at lcc.uma.es> wrote:
> Thank you for your response. Respect to your first point, one advantage of the proposed scheme is that it is an alternative to digital certificates and its associated distribution infrastructure, as it relies on the identity of the users as public keys.

I don't know what this means. An IBE system requires a central key
generation server which needs to
verify users identities and only issue keys when appropriate. The
processing done by the KGS looks
very much like that done by a CA.

The primary advantage of an IBE system is that you can encrypt to
people whose credentials you
don't have (and may not even have any yet). However, since this is a
real-time exchange, that benefit
does not applyhere.

-Ekr


More information about the Security mailing list