ID based public key is not a new concept, I believe first proposed by Adi Shamir in Crypto 84 (the first I attended :-). It's a cute concept, but I'm skeptical about its practical value - except of course as a way to force parties to use private keys known to authorities :-(

The security requirement of ID based PKC is challenging, even more than `regular` PKC (which is obviously a special case). So there were many works proposing systems and also many attacks - although recently there are some proposals with proofs of security (with strong assumptions...), e.g. Boneh & Franklin in upcoming Crypto, see http://crypto.stanford.edu/~dabo/abstracts/ibe.html.

But, what is the practical value of ID based systems? Not sending the public key? Give me a break...

> M Taylor wrote:
> > The UK Communications-Electronics Security Group (CESG), the "defensive"
> > arm of the GCHQ, have published details about another PKC concept,
> > identity-based PKC, where every user's public key is predetermined by a
> > unique identifier, such as email address. It does use a(/two) trusted
> > server(s), but might be viewed as an easier to use infrastructure than
> > traditional PKI in some situations.

In what scenarios exactly? Many PKI scenarios are not ID specific at all - ID is just one way to establish trust... And even when people use IDs, why assume everybody trusts (completely!) the same authority?

Best, Amir