From: Randy Kramer (rhkramer@fast.net)
Date: Mon Sep 23 2002 - 11:39:42 EDT
On Monday 23 September 2002 08:12 am, F J Franklin wrote:
> I don't think so. On the subject, what types of encryption would you
> consider appropriate/sufficient/adequate? In the case of
> public/private key encryption, how should AbiWord handle it (if/when
> it does)?
>
> A thought: encrypting on export with author's private key, with a
> URL for the author's public key - which gets loaded automatically on
> import? Optionally vice versa. (Need to check the W3C's encryption
> standard.)
>
Interesting -- what you describe it the way to authenticate (that is,
guarantee that what is read was written by the purported author) --
however, it does nothing for keeping the contents a secret -- anyone
with the author's public key can read it -- so I would say this is
definitely backwards for that purpose. There is probably a need to
support several possibilities:
For authentication:
* encrypt with the author's private key -- anybody can view contents
with author's public key, but if the author's public key has been
properly "safeguarded / authenticated" you can be sure it was written
by the author
For personal secrecy:
* encrypt with the author's public key -- only the author can read
it (using his private key)
For "transactional" secrecy:
* encrypt with the addressee's public key -- only the addressessee
can read it (using his private key)
And, if you are sending a secret to multiple addressees, I'm sure there
is a way to handle it, but we should learn what it is -- having several
different encryptions of the same message may make it easier to break
the encryptions (I'm not really sure) -- you may have to do something
like encrypt it with your private key and then send separate copies
encrypted with each addressee's public key.
All of this has been considered "in the literature" and AbiWord should
conform to the appropriate standards (whatever they are).
Randy Kramer
-----------------------------------------------
To unsubscribe from this list, send a message to
abiword-user-request@abisource.com with the word
unsubscribe in the message body.
This archive was generated by hypermail 2.1.4 : Mon Sep 23 2002 - 11:36:33 EDT