Upcoming Events

Cloud Connect
Santa Clara
Feb 13-16, 2012

Cloud Connect brings together the entire cloud eco-system to better understand the transformation we're experiencing and promises to be the defining event of the cloud computing industry. Learn about the latest cloud technologies and platforms from thought leaders in Cloud Connect’s comprehensive conference.

Register Now!

N E W S / A N A L Y S I S

Public Key Without the Middleman

July 24, 2003
By Robert Moskowitz

	Issue TOC
	Print full article
	Download as PDF
	E-Mail this URL
	Discuss this article
	Flame the author

Products incorporating a new elliptic-curve cryptography method called Weil Pairings are now being released. Weil establishes a security system without the complex infrastructure mandated by RSA public/private key cryptography.

The Weil approach, also known as identity-based encryption, creates a set of public parameters. Users can send secure messages without qualifying themselves in the public-key directory. This could allow citizens to send a tip securely and anonymously to the police, for instance.

Weil systems also let the server generate any user's private key, so the administering entity has access to everything. There is no single point of failure for secure messages. And private keys can be set to expire, making management easier.

There are downsides, though. Because the sender of a message can be anonymous, his or her identity is refutable. But more importantly, the server is a key escrow agent, able to decrypt any message sent.

Perhaps the biggest negative is that Weil is best-suited for niche apps, yet start-up Voltage Security and other vendors are marketing it more broadly. It's not clear to us that Weil will ever replace RSA as a general-use key infrastructure.

Post a comment or question on this story.