[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: ArcotSign




> For this to work, the public key has to be kept secret(!).
>...
> As Greg points out, much the same could be accomplished simply by having
> the servers share secret 3DES keys with their users, each user having his
> own private 3DES key.  The users could encrypt messages using their 3DES
> key and the server would decrypt using the appropriate key, which would
> also serve to authenticate the user.

The difference between this scheme and a shared-secret scheme (if I
understand this scheme correctly) is that Arcot's infrastructure gives
you non-repudiation -- the central server can't forge authenticated
messages from you -- and so it's suitable for transactions of value
in a way that a shared-secret scheme isn't.

Cheers,

William