Re: making public keys public
[This message has been signed by an auto-signing service.
A valid signature means only that it has been received at
the address belonging to the signature and forwarded.]
Eric writes:
> someone (Alex Strasheim ?) writes:
> Perhaps we would have
> a default web, which would have everyone's key in it.
>
> This is a really bad idea. Some "public" keys should not be made
> public, but rather revealed only to the correspondent. Forward
> secrecy is the reason. If the public key has never been in the
> possession of an opponent, and assuming the results of the public key
> operation yield little or no information about the modulus, then when
> the keys are changed and destroyed, no amount of factoring can find
> the private key because the public key isn't around to factor.
If you're not going to make the public key public, why use public key
cryptography at all ? Save time and effort and use a symmetric cipher.
-L. Futplex McCarthy; PGP key by finger or server
"Don't say my head was empty, when I had things to hide...." --Men at Work