Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Anyone tested this?

Steve Weis steveweis at
Thu Jun 23 12:16:56 PDT 2011

A follow-up from
"It's not IBE, its non-interactive key agreement. But yes, there is a master
key server that issues, rotates and revokes."!/privateskyme/status/83949496756744192

I don't know what key agreement scheme they're using. If a master key server
is responsible for issuing private keys, then it may be a central point of
failure. They don't have any details about how it works, so I mistrust it by

On Thu, Jun 23, 2011 at 9:28 AM, Steve Weis <steveweis at> wrote:

> is based on Certivox. Details are scant, but this page
> implies that Certivox is using identity-based encryption (IBE):
> That page talks about Certivox issuing keys to senders, which are combined
> with a recipient's identity to generate the recipient's public key. That's
> the classic IBE model. However, private keys in IBE systems are generally
> issued by a central authority. That's consistent with having to install a
> Silverlight client from Privatesky before you can read any messages.
> If Privatesky is issuing private keys to each client, the statement in the
> FAQ (  "Can you see my stuff? Can you see my
> data? No." is not accurate. Users would be completely trusting the
> key-issuer. That's why IBE systems are generally proposed for an enterprise
> setting, where a central authority controls issuing keys.
> I've been talking with their CTO on Twitter and asked if this is the case:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the liberationtech mailing list