At 10:17 PM 9/5/00 -0400, P.J. Ponder wrote:
>
>
>On Tue, 5 Sep 2000, David Honig wrote:
>>
>> If you have a secure channel to exchange a passphrase in,
>> you have no need for PK.
>>
>
>Public key allows digital signatures,
A digsig does indeed rely on PK, but you needn't use digsigs
to use PK. Digsigs are orthogonal to the confidentiality you
get using PK to exchange ephemeral private keys (eg PGP).
which a secure channel for key
>exchange doesn't provide. Two parties may choose to use symmetric
>encryption for exchanging messages and agree between themselves to accept
>any message encrypted with the secret key to be a binding expression - but
>this method does not prevent Alice from encrytping a message to herself
>and claiming it came from Bob. Either party can cheat in this way with
>symmetric key.
PK lets you send a key via postcard which gives you strong envelopes later.
PK's ability to publish (phone book) or sign (digsigs) a key or message
are fully independent of PK's ability to let you email a key which remains
secure after sending an insecure email.
Given Carnivore (tm), 'privately' emailing your public key is
spook-equivalent to publishing on a web server, though e.g., using a
different
PK for each correspondent makes individual emails slightly more
difficult to attack. The more hard-core distribute keys to previously known
parties on physical media, only.
cheers,
dh
