Public Key Without the Middleman

Products incorporating a new elliptic-curve cryptography method called Weil Pairings are now being released. Weil establishes a security system without the complex infrastructure mandated by RSA public/private key cryptography.

The Weil approach, also known as identity-based encryption, creates a set of public parameters. Users can send secure messages without qualifying themselves in the public-key directory. This could allow citizens to send a tip securely and anonymously to the police, for instance.

Weil systems also let the server generate any user's private key, so the administering entity has access to everything. There is no single point of failure for secure messages. And private keys can be set to expire, making management easier.

There are downsides, though. Because the sender of a message can be anonymous, his or her identity is refutable. But more importantly, the serveris a key escrow agent, able to decrypt any message sent.

Perhaps the biggest negative is that Weil is best-suited for niche apps, yet start-up Voltage Security and other vendors are marketing it more broadly. It's not clear to us that Weil will ever replace RSA as a general-use key infrastructure.Post a comment or question on this story.