[standards-jig] XML Encryption

Iain Shigeoka iainshigeoka at yahoo.com
Wed Mar 20 22:50:47 UTC 2002


On 3/19/02 10:54 AM, "dirkx at covalent.net" <dirkx at covalent.net> wrote:

> Secondly - PGP -also- introduces the concept of cross signing each other's
> certificate and relying on relatively trusted third party strangers. When
> referring to that - your above statement makes a lot more sense. But I was
> more referring to direct social links. To this I believe that the statement
> about PGP is not applicable.

True.  Although for that, I wonder if it wouldn't be more useful (useable)
to provide a simple way to exchange secret keys between these directly
linked people.  Basically shared secret, symmetric encryption keys.  That
way I can call Betty or say over lunch, "I'm going to send you a bunch of
junk and the unlock code is 'the fish fly at midnight'".  The software just
hashes the docs and encrypts the key with the passphrase (or does the
reverse to unlock it).  Thus keys become disposable, temporary and shared
through alternative channels.  The problem with public key systems is you
can't just tell someone your public key over hamburgers, adding friction to
the social exchange...

The traditional problem with shared secret keys is in propagating keys to
the parties, and revoking them.  Neither should be too much of a hassle if
we can assume people have direct social links in place and key
strength/security isn't too rigorous (we can use ASCII passphrases, revoking
keys is rare, etc).

-iain
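
Added example, not part of the original message: a sketch of the passphrase-wrapped key idea described above, in which a random content key is encrypted under a key stretched from the spoken passphrase. The function names, the PBKDF2 iteration count and the HMAC-based keystream (a standard-library stand-in for a real cipher such as AES) are assumptions of this example.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed PBKDF2 work factor; slows guessing of a low-entropy passphrase

def _derive(passphrase, salt):
    """Stretch the spoken passphrase into separate encryption and MAC keys."""
    okm = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]

def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode: stand-in keystream, not a vetted cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def wrap_key(content_key, passphrase):
    """Return salt || ciphertext || tag for a disposable content key."""
    salt = secrets.token_bytes(16)  # fresh salt per wrap, so derived keys are never reused
    enc_key, mac_key = _derive(passphrase, salt)
    ks = _keystream(enc_key, salt, len(content_key))
    ct = bytes(a ^ b for a, b in zip(content_key, ks))
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return salt + ct + tag

def unwrap_key(blob, passphrase):
    """Verify the tag first, then decrypt; fails on a wrong passphrase or tampering."""
    salt, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key, mac_key = _derive(passphrase, salt)
    expected = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong passphrase or tampered blob")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, salt, len(ct))))

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed sample content key
    blob = wrap_key(key, "the fish fly at midnight")
    print(unwrap_key(blob, "the fish fly at midnight") == key)
```
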

