[Security] GSoC proposal: Identity-based end-to-end encryption for XMPP

Eric Rescorla ekr at rtfm.com
Tue Mar 15 18:15:36 CST 2011

On Tue, Mar 15, 2011 at 4:17 PM, Brian Spector
<brian.spector at certivox.com> wrote:
> This ignorance on this board is truly stunning.  It's actually hard to
> argue with the logic presented here.

So instead you've decided to just hurl abuse. Nicely done.

>>> The primary advantage of an IBE system is that you can encrypt to
>>> people whose credentials you don't have (and may not even have any
>>> yet). However, since this is a real-time exchange, that benefit does
>>> not applyhere.
> Anyone with a cursory knowledge of crypto knows the issues in scaling PKI
> are immense.
> Identity based cryptosystems come in all shapes and sizes, not just
> identity based encryption, but identity based key agreements, hierarchical
> key systems, etc.

And all of them have more or less the same scaling properties as PKI. Look,
IBE isn't magic, it's a cryptographic technique with some very nice properties,
but it doesn't actually improve the situation much at all for
interactive protocols.
If you have some concrete argument for why that's not the case, by all
means offer it, but all you're doing now is just handwaving.

> Further, I think there are some people on this list that are also on the
> IETF draft bodies, and they know the proposals coming down the river, and
> WHY they are coming down the river, and no one has spoken up yet for this
> guy and his idea.  If that's the case, that's shameful.

As it happens, Sean and I are both quite familiar with the situation (Sean,
in case you don't know, is the IETF Security Area Director and I'm the
TLS WG chair.) The reason we're not speaking up for his idea is that it's
not a good one.

> David, it's a great idea, it's important, and I'll find a way to rustle up
> the resources to sponsor you.
> I think I can relegate this board to a Google archive rather than have it
> pollute my inbox anymore.

Ah, good, more abuse.


More information about the Security mailing list