On 10/27/2015 03:55 AM, Robert J. Hansen wrote:
You start from tautology and conclude at paradox. This doesn't appear to be something to be taken seriously.
Allow me to try again: *There is no secure communication over an insecure channel without out-of-channel bootstrap*. I believe the above can be re-phrased as follows, with no change in meaning: Cryptography is an art of turning large secrets into small secrets. [1] We need a secure channel to transfer small secrets (typically the cryptographic device and the key), so that we can communicate large secrets over an insecure channel. [2] ___________ [1] The definition is of course not mine. [2] It is often forgotten that it is not ~only~ the key that comprises the "bootstrap". The cryptographic device does not need to be secret, but it must be authenticated, which can not be done over an insecure channel. Same holds for the "public" key in asymmetric systems. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
