On 17/04/15 18:44, Ben Laurie wrote:
> The simple solution looks like this: each member of the group generates
> a long-term DH key pair and signs their long-term public DH key with
> their long-term signature key. The public DH keys may be known outside
> the group, just like the public signature keys.
>
> Each member of the group can derive a shared secret from their own
> private DH key and another member's public DH key, and be sure that the
> owner of the signature key that signed the public DH key is the only
> other party that knows the secret.
>
>
> BTW, this is surely the flaw if you believe in the fantasy requirement:
> the private DH key can be shared, and thus the derived key.

Yes of course, in any system that uses asymmetric crypto people can share their private keys, and any assumptions about keys being bound to identities are broken if they do so.

Cheers,
Michael
_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging
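The scheme quoted above, and the caveat raised about it, as an added example that is not part of the original thread. Assumptions: the constructed demo group (the Mersenne prime 2**521 - 1, generator 3) and the Schnorr-style signature stand in for a real DH group and signature scheme, and all function names are hypothetical.

```python
import hashlib
import secrets

# Constructed demo group standing in for real primitives; do not deploy it.
P = 2**521 - 1
G = 3
Q = P - 1  # G**Q == 1 (mod P), so exponents can be reduced mod Q

def keygen():
    priv = secrets.randbelow(Q - 2) + 2
    return priv, pow(G, priv, P)

def _challenge(r, pub, msg):
    data = f"{r}|{pub}|".encode() + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(sig_priv, msg):
    # Schnorr-style signature made with the long-term signature key.
    k = secrets.randbelow(Q - 2) + 2
    r = pow(G, k, P)
    e = _challenge(r, pow(G, sig_priv, P), msg)
    return r, (k + e * sig_priv) % Q

def verify(sig_pub, msg, sig):
    r, s = sig
    e = _challenge(r, sig_pub, msg)
    return pow(G, s, P) == (r * pow(sig_pub, e, P)) % P

def publish_dh_key(sig_priv, dh_pub):
    # A member's announcement: public DH key plus signature over it.
    return dh_pub, sign(sig_priv, str(dh_pub).encode())

def shared_secret(own_dh_priv, peer_sig_pub, announcement):
    # Derive the pairwise secret only if the peer's DH key is properly signed.
    peer_dh_pub, sig = announcement
    if not verify(peer_sig_pub, str(peer_dh_pub).encode(), sig):
        raise ValueError("public DH key is not signed by the claimed member")
    z = pow(peer_dh_pub, own_dh_priv, P)
    return hashlib.sha256(str(z).encode()).digest()

def demo():
    a_sig, a_sig_pub = keygen()
    a_dh, a_dh_pub = keygen()
    b_sig, b_sig_pub = keygen()
    b_dh, b_dh_pub = keygen()
    ann_a = publish_dh_key(a_sig, a_dh_pub)
    ann_b = publish_dh_key(b_sig, b_dh_pub)
    k_a = shared_secret(a_dh, b_sig_pub, ann_b)
    # Whoever holds b_dh, whether b or someone b gave it to, derives the same key.
    k_holder_of_b_dh = shared_secret(b_dh, a_sig_pub, ann_a)
    return k_a == k_holder_of_b_dh
```

The signature check binds the public DH key to a signature key, but nothing in the derivation can tell the member from anyone else holding the private DH key, which is the point conceded in the reply.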
