* Arshad Noor:

> I may be a little naive, but can a protocol itself enforce proper
> key-management? I can certainly see it facilitating the required
> discipline, but I can't see how a protocol alone can enforce it.
> Any examples you can cite where this has been done, would be very
> helpful.

As far as I understand it, you don't actually change protocols, which means that there's likely no way around this problem.

> The design paradigm we chose for EKMI was to have:
>
> 1) the centralized server be the focal point for defining policy;
> 2) the protocol carry the payload with its corresponding policy;
> 3) and the client library enforce the policy on client devices;
>
> In some form or another, don't all cryptographic systems follow a
> similar paradigm?

No, there are things like digital cash and mental poker which do not work with a trusted third party. I think it's even possible to compute RSA signatures from a split private key in a way that is secure against byzantine failure (IOW, a certain number of key holders needs to cooperate to forge a signature or recover the private key). There's also quite a bit of research on operations on encrypted databases.

Of course, you cannot actually run an ordinary web shop on top of such protocols because interfaces to the public and to the processors are essentially fixed. Cryptographically securing the middle end seems rather pointless to me because the public-facing front end is the component that causes most of the trouble. (And I'm not fully convinced that more encryption is the answer to that.)

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
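The reply above mentions signing with an RSA private key that has been split among several holders so that all of them must cooperate. The following is an added illustration, not code from the post or from EKMI, of the simplest form of that idea: an additive n-of-n split of the private exponent, where each holder contributes a partial signature and a combiner multiplies them. It is not a t-of-n threshold scheme with misbehaving-signer detection (Shoup's scheme and its relatives cover that); the only robustness it offers is that the combiner checks the final signature against the public key, so a bad partial is detected even though the culprit is not identified. The primes, exponent and message are constructed for the demo and the key size is a toy, not something to deploy.

```python
"""
Added example: additive n-of-n split of an RSA private exponent.
Each holder computes h^{d_i} mod n; the product of the partials is h^{d}.
Constructed toy parameters; NOT a secure key size.
"""
import hashlib
import secrets
from math import gcd

# Constructed toy RSA key: two well-known small primes (illustration only).
P = 1000000007
Q = 998244353
N = P * Q
E = 65537
LAMBDA = (P - 1) * (Q - 1) // gcd(P - 1, Q - 1)  # Carmichael lambda(n)
D = pow(E, -1, LAMBDA)                           # e*d == 1 (mod lambda)


def split_exponent(d, k, modulus=LAMBDA):
    """Split d into k additive shares with sum(shares) == d (mod lambda).

    Any k-1 of the shares are uniformly random, so they reveal nothing
    about d; all k are needed to reconstruct it or to sign.
    """
    if k < 2:
        raise ValueError("need at least two holders for a split key")
    shares = [secrets.randbelow(modulus) for _ in range(k - 1)]
    shares.append((d - sum(shares)) % modulus)
    return shares


def hash_to_int(msg: bytes) -> int:
    """Reduce a SHA-256 digest to an integer below n (toy stand-in for padding)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def partial_sign(share, msg):
    """One holder's contribution: h^{d_i} mod n, computed from its share alone."""
    return pow(hash_to_int(msg), share, N)


def combine(partials):
    """Combiner multiplies partials: prod h^{d_i} == h^{sum d_i} == h^d (mod n)."""
    sig = 1
    for p in partials:
        sig = (sig * p) % N
    return sig


def verify(msg, sig):
    """Plain RSA verification with the public key (e, n)."""
    return pow(sig, E, N) == hash_to_int(msg)


def sign_with_shares(shares, msg):
    """Run the whole protocol: every holder signs, the combiner merges and checks.

    Returns the signature, or None if the combined value does not verify,
    which is what happens when a holder is missing or returns garbage.
    The combiner cannot tell *which* holder misbehaved in this simple scheme.
    """
    sig = combine(partial_sign(s, msg) for s in shares)
    return sig if verify(msg, sig) else None


if __name__ == "__main__":
    message = b"constructed test message"
    holders = split_exponent(D, 3)
    print("all three holders:", sign_with_shares(holders, message) is not None)
    print("only two holders:", sign_with_shares(holders[:2], message) is not None)
```

The split is over lambda(n) rather than phi(n) so that the shares stay in the smallest exponent group; either works for the arithmetic. Moving from n-of-n to t-of-n is where the real work lies: Shamir sharing over a modulus whose factorisation must stay secret, plus proofs that each partial signature is well-formed, are exactly the pieces this toy leaves out.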