Re: [Cfrg] I updated 3 drafts related to a FSU KeyEX

Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 28 April 2016 09:26 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 87F7F12D5F3 for <cfrg@ietfa.amsl.com>; Thu, 28 Apr 2016 02:26:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.297
X-Spam-Level:
X-Spam-Status: No, score=-5.297 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MyYdvsKdyzrB for <cfrg@ietfa.amsl.com>; Thu, 28 Apr 2016 02:26:42 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 57A2712D197 for <cfrg@irtf.org>; Thu, 28 Apr 2016 02:26:42 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 1850FBE75; Thu, 28 Apr 2016 10:26:41 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AhUJAi_sOSIO; Thu, 28 Apr 2016 10:26:39 +0100 (IST)
Received: from [10.87.49.100] (unknown [86.46.24.231]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 3A704BE55; Thu, 28 Apr 2016 10:26:39 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1461835599; bh=76Ashy3WD017vbVA9FsL/i+jG3kS4uPI2n1XtsZoAZ8=; h=Subject:To:References:From:Date:In-Reply-To:From; b=f8dTzPhvgxma7/T4nPFKsgkwTuUEXcw476jvHWNZUovOK87BvKVYxLNp1qk8Fqx2W /9bWzaUvCF1W+sQ1DJmYwmhzXQM9CjlD5RgqIpzMfyloOFbisWSPvwzuMF3P9iIqaI eG5+RiB2wgBEMzMeyDrwsU4D0mI6/ObkIaYhPmPk=
To: Michael Scott <mike.scott@miracl.com>, "cfrg@irtf.org" <cfrg@irtf.org>
References: <57208A04.4070804@po.ntts.co.jp> <7a3f5420-db18-496b-af32-e490bf6d0d80@akr.io> <CAEseHRqYNGhGaA+8HhUFDNxLc2WU=5GJf+om52RRuWwtEHUhmg@mail.gmail.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <5721D74E.3010407@cs.tcd.ie>
Date: Thu, 28 Apr 2016 10:26:38 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <CAEseHRqYNGhGaA+8HhUFDNxLc2WU=5GJf+om52RRuWwtEHUhmg@mail.gmail.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="------------ms090500070809000500070005"
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/_NOxvUaAxdUR_PrTOI55FLG9VCo>
Subject: Re: [Cfrg] I updated 3 drafts related to a FSU KeyEX
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Apr 2016 09:26:43 -0000

Hi Mike,

On 28/04/16 09:35, Michael Scott wrote:
> Maybe the more accurate phrase "n uniquely attractive targets" where
> n=2,3,4... doesn't carry quite the same punch!

I'm sorry, but for me, it does have exactly the same
punch. If there are key generators, they can collude
or be coerced. Or even more likely, in a realistic
commercial Internet-scale deployment, it's quite likely
all of them (even if operated by different entities)
may be running on one or two mega-hosting platform,
so there may well be only one thing to break into
even if it looks like N things.

From my POV, the mandatory key escrow aspect of IBE
is basically fatal for all but possibly some small
set of niche applications.

Cheers,
S.