Author: Bill Heelan
$Date: 2000/07/20 19:47:57 $
$Revision: 1.1 $
In order to save a public key signature operation in the mail system (Internet to nym mail), we have a secret shared between the mail system and each nym. This secret is generated by the nym server at nym creation time, and sent back with the mail system authentication certificate (mail-cert.html). The nym server has no need to store it, so it will erase it after transmission to the client.
The client should store it securely (i.e. encrypted, with the same security as private keys, the mail system certificate, etc). Also, the client need never transmit the key; it only uses it to verify MACs on downloaded mail.
The key is generated, by the nym server, like so:
key = SHA-1(secret || entity)
where secret is the secret shared between the nym server and the mail system, and entity is the entity identifier of the newly created nym (i.e. entity type and name).
The mail system is able to generate this key on-the-fly, as it knows both the secret and the entity.
Should the secret change (e.g. after a detected compromise), the nym will no longer be able to authenticate itself to the mail system because its certificate is invalid. It will connect to the nym server to get a new certificate, and at the same time get a new MAC key. MAC verifications on existing mail will fail, but this is the proper behaviour, assuming a compromise.
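The derivation and the effect of a secret change, as an added example that is not part of the original design note. The page does not name the MAC algorithm or the byte encoding of the entity identifier; HMAC-SHA1 and the "type:name" encoding below are assumptions, as are all function names and sample values.

```python
import hashlib
import hmac

def derive_mac_key(secret: bytes, entity: bytes) -> bytes:
    """key = SHA-1(secret || entity), the formula given above."""
    return hashlib.sha1(secret + entity).digest()

def tag_mail(secret: bytes, entity: bytes, mail: bytes) -> bytes:
    """Mail system side: re-derive the nym's key on the fly, then MAC the mail.
    HMAC-SHA1 is an assumption; the page does not specify the MAC."""
    key = derive_mac_key(secret, entity)
    return hmac.new(key, mail, hashlib.sha1).digest()

def verify_mail(stored_key: bytes, mail: bytes, tag: bytes) -> bool:
    """Client side: check the MAC with the locally stored key (never sent)."""
    expected = hmac.new(stored_key, mail, hashlib.sha1).digest()
    return hmac.compare_digest(expected, tag)  # constant-time comparison

def demo() -> dict:
    # All values below are constructed for this example.
    secret_v1 = b"constructed-mail-system-secret-v1"
    secret_v2 = b"constructed-mail-system-secret-v2"  # after a detected compromise
    alice = b"nym:alice"   # assumed encoding of entity type and name
    bob = b"nym:bob"
    mail = b"From: someone@example.org\r\n\r\nhello"

    # Nym creation: the nym server derives the key, sends it, then erases it.
    alice_key_v1 = derive_mac_key(secret_v1, alice)
    bob_key_v1 = derive_mac_key(secret_v1, bob)
    old_tag = tag_mail(secret_v1, alice, mail)

    # Secret changes: mail is now tagged under a key derived from secret_v2.
    new_tag = tag_mail(secret_v2, alice, mail)
    alice_key_v2 = derive_mac_key(secret_v2, alice)  # fetched with the new certificate

    return {
        "fresh_mail_ok": verify_mail(alice_key_v1, mail, old_tag),
        "other_nym_key_rejected": not verify_mail(bob_key_v1, mail, old_tag),
        "old_key_rejects_new_mail": not verify_mail(alice_key_v1, mail, new_tag),
        "new_key_rejects_existing_mail": not verify_mail(alice_key_v2, mail, old_tag),
        "new_key_accepts_new_mail": verify_mail(alice_key_v2, mail, new_tag),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The derivation here is a bare hash of secret || entity rather than a keyed construction; a new design would normally derive per-nym keys with HMAC or HKDF, using the entity identifier as context.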
Copyright © 2000 Zero-Knowledge Systems Inc.
All Rights Reserved