can you see any problem with this?
Adrian Thurston
thurston at cs.queensu.ca
Tue Feb 5 19:10:02 CET 2008
My system can be described as encrypted news feeds.
I considered that approach and I like it because it's doesn't require
taking apart PGP messages. The problem is that in my system I need the
ability to revoke access to any single user.
With a session key unique to each message I can just re-encrypt and drop
a user. If the session key comes separately I need to ensure that the
clients always have the current symmetric key. The easiest way to do
that is to just send it with each message. But then I've just got ...
well you see :)
Adrian
Robert J. Hansen wrote:
> Adrian Thurston wrote:
>> But speed at the decryption end is a concern, so I thought I would break
>> up an encrypted message into packets and when a client requests it serve
>> up only the packet that corresponds to the session key encrypted to
>> them, then the content packet. I haven't tried it yet, but it seems as
>> though it should work. I'd like to know if there is any non-obvious
>> reason why it is a bad idea.
>
> At first blush it seems like a case of there being way too much hammer
> for the nail you have in mind.
>
> 1. Compose a single message: "the magic words are... [insert passphrase
> here]".
>
>
> 2. Write a script to encrypt each message to each recipient's key and
> mail it to them. If this takes more than 20 lines of Perl, something's
> wrong.
>
> 3. Compose your future traffic as normal, but symmetrically encrypt it
> and send it on to your recipients.
>
>
> ... Admittedly, I don't know the particulars of your environment, so
> this might be inappropriate for your needs. But it's the first thing
> that comes to mind as I read your description of what's happening.
>
>
More information about the Gnupg-users
mailing list