Re: SOI: identity protection and DOS
Derek Atkins wrote:
> Do you mean pre-shared secret-key or pre-shared public-key? I happen
> to agree with Steve that pre-shared public-key is sufficient (and
> probably superior) to pre-shared secret-key authentication. In other
> words, we pre-share RSA Public Keys. No certificates are necessarily
> required. As was pointed out, see SSH for an example of how this
> works.
I agree that pre-shared public key is sufficient, and argue that either
one is necessary for at least easy testing. There's also one benefit
to this not already mentioned (that I noticed), i.e. that
"foobar" or "you'll never guess" are not public keys.
Ari
--
"They that can give up essential liberty to obtain a little
temporary safety deserve neither liberty nor safety." - Benjamin Franklin
Ari Huttunen phone: +358 9 2520 0700
Software Architect fax : +358 9 2520 5001
F-Secure Corporation http://www.F-Secure.com
F(ully)-Secure products: Securing the Mobile Enterprise