This ignorance on this board is truly stunning. It's actually hard to argue with the logic presented here.
>> The primary advantage of an IBE system is that you can encrypt to >> people whose credentials you don't have (and may not even have any >> yet). However, since this is a real-time exchange, that benefit does >> not applyhere. Anyone with a cursory knowledge of crypto knows the issues in scaling PKI are immense. Identity based cryptosystems come in all shapes and sizes, not just identity based encryption, but identity based key agreements, hierarchical key systems, etc. And there are PLENTY of well-known IBCs that are IPR free (well, at least to anyone who isn't lazy enough to look beyond Boneh-Franklin). Further, I think there are some people on this list that are also on the IETF draft bodies, and they know the proposals coming down the river, and WHY they are coming down the river, and no one has spoken up yet for this guy and his idea. If that's the case, that's shameful. David, it's a great idea, it's important, and I'll find a way to rustle up the resources to sponsor you. I think I can relegate this board to a Google archive rather than have it pollute my inbox anymore. FAIL. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Eric Rescorla Sent: 15 March 2011 15:32 To: XMPP Security Subject: Re: [Security] GSoC proposal: Identity-based end-to-end encryption for XMPP On Tue, Mar 15, 2011 at 8:20 AM, David Núñez <[email protected]> wrote: > The idea is to use the XMPP servers as Key Generation Centers (KGC), since they already provide procedures for user authentication. Thus, the project would have to develop the server components required to issue private keys to users, among others. I think that the fact that the JID of the user you want to securely communicate could act as a public key is interesting to the XMPP protocol. Yes, this does not add any value over a standard PKI system. -Ekr > However, I am aware that there have been several responses to my proposal, and it seems that it is not very interesting to XMPP. I would like to thank you for your thoughtful insights. As one of you suggested in a previous response, I will study in more depth the current problems in end-to-end communication in XMPP and try to propose something else. I was hoping to participate in this Google Summer of Code edition. Any ideas that could be arranged as a proposal? > > Best regards, > David. > > El 15/03/2011, a las 15:47, Eric Rescorla escribió: > >> On Tue, Mar 15, 2011 at 7:14 AM, David Núñez <[email protected]> wrote: >>> Thank you for your response. Respect to your first point, one advantage of the proposed scheme is that it is an alternative to digital certificates and its associated distribution infrastructure, as it relies on the identity of the users as public keys. >> >> I don't know what this means. An IBE system requires a central key >> generation server which needs to verify users identities and only >> issue keys when appropriate. The processing done by the KGS looks >> very much like that done by a CA. >> >> The primary advantage of an IBE system is that you can encrypt to >> people whose credentials you don't have (and may not even have any >> yet). However, since this is a real-time exchange, that benefit does >> not applyhere. >> >> -Ekr > > ***** Email confidentiality notice ***** This message is private and confidential. If you have received this message in error, please notify us and remove it from your system. CertiVox Ltd is a company registered in England and Wales. Registered number: 7498769. Registered office: 145-157 St. John Street London EC1V 4PY
