The PAIIN model (privacy, authentication, identification, integrity, non-repudiation) is inadequate to represent the uses of cryptography. Besides the distinction between privacy and confidentiality, I'd like to point out some additional uses of cryptography which either don't fit at all or are poorly represented in this model:
Anonymity - the ability to communicate without messages being attributed to the sender (e.g. remailers). Confidential verification -- the ability to verify information without disclosing it (e.g. zero knowledge proofs). Fragmentation -- dividing control over information among several parties. Invisibility -- the ability to communicate or store information without being detected. This includes stegonography, low probability of observation communication techniques such as low power spread spectrum, and measures against traffic analysis such as link encryption. Proof of trespass -- The ability to demonstrate that anyone having access to data knew they were doing so without authorization, (e.g. for trade secret and criminal evidence law). Remote randomization -- the ability for separated parties to create fair and trusted random quantities. Resource taxing -- techniques to prove a minimum expenditure of computing resources e.g. hash-cash. Time delay -- making information available but not immediately. Transmission assurance -- anti-jam and anti censorship technology. Use control -- the whole digital rights management scene. I'm not suggesting this is a complete list or the best breakdown, but I hope is shows that the cryptographic imagination goes beyond PAIIN. Arnold Reinhold --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]