Giff (giff@eng.us.uu.net)
Fri, 21 Aug 1998 18:51:23 -0400 (EDT)
On Fri, 21 Aug 1998, Mike Stay wrote:
> Here's a very expensive protocol, but I think it works:
> Alice & Bob each encrypt a random # with the PK's of all the folks they
> want to talk to & exchange the results. Only if they both want to talk
> to each other will they both have the two random numbers which can be
> used to make a session key for exchanging identities.
Yes, except how would Alice know if Bob wants to talk with her? He can't
present the session key to her. If he doesn't want to talk to her, he
shouldn't have to process information in order to say, "I don't want to
talk with you right now."
Perhaps another solution is to have them talk with a trusted server.
Alice indicates who she wishes to talk to, Bob does likewise. Alice or
Bob can query the server to see who wishes to talk with them. This method
can be done with encryption to and from the server, but ultimately
requires a trusted server which is probably not desireable. :)
It may be a good idea to have a description of the scenarios where
communication may be needed and what sorts of security/privacy are
required. For example, do we want to design a protocol to let Alice and
Bob communicate without allowing anyone else to know that they are
talking? Do we want to have two complete strangers able to talk and then
every time in the future know that they are talking to each other and not
some new person? etc.
-Giff
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:11:00