
Re: POTP gets good press





 An entity calling itself "Simon Spero
 <[email protected]>" is alleged to have written:

> I guess I ought to try and find the article; I took this line in your 
> message to suggest that there was such a CA. Could you possibly type in 
> the relevant bit of the original article (though I suspect there's not 
> much in there anyway)


Sorry.  Here's what I originally said:

> Content:  includes diagrams entitled "Link Level Encryption"
> in which sender transmits keys to receiver, and "Packet
> Level Encryption" in which sender transmits keys to
> certificate authority which transmits them to multiple
> receivers, and "Synchronized Random Key Generation (SRKG)"
> a la "Power One Time Pad" in which no keys are transmitted
> and multiple receivers magically decipher messages via
> built-in encryption devices.


And here's what I meant:


The central theme of the article, from a 'technical' point
of view, was that in the past there have been two kinds of
encryption in use, which the author calls "Link Level
Encryption", in which the sender transmits his key to the
receiver, and "Packet Level Encryption", in which the sender
transmits his key to a certificate authority which transmits
them to multiple receivers.


Now for starters the network layer is really independent of
key-distribution schemes, as far as I can see.  So I don't
know why the diagrams showing the two schemes
(sender->recipient vs. certificate authority) are labelled
"Link Level" and "Packet Level".  But we haven't even gotten
to the good stuff:


"Synchronized Random Key Generation", which shows a single
sender and multiple recipients transmitting securely
*without* having to do any key management!  Yee haw!


100% pure unrefined snake oil.


Okay, I think I've made my point to the Editor In Chief on
the industry rag in question.  Hopefully they'll be
conscientious enough to print a retraction, or perhaps run
an article about the hazards of snake oil in the info
security industry.  :-)


Bryce


                 "Toys, Tools and Technologies"
 <a href="http://www.c2.org/~bryce/Niche.html"> the Niche </a>
        New Signal Consulting -- C++, Java, HTML, Ecash
           <a href="mailto:[email protected]"> Bryce </a>
 
PGP sig follows

