On shared keys (was RE: SOI: identity protection and DOS)



Hugo Krawczyk writes:
 > Everyone agrees that public key is the ONLY way to a scalable
 > Internet-wide protocol. No question about it. In particular,
 > any key-exchange protocol for IPsec MUST provide a PK-based exchange.

I don't think I agree if by Internet-wide you mean
any-any scaling. I frankly don't think that such a
thing exists, or is likely to exist. Thus while PK
exchanges give many useful properties, enrollment,
compromise, and administration are still problems
for both. Indeed, the only thing in existence
right now that scales to any appreciable degree is
*not* based on asymmetric keys (GSM). It seems to
scale well enough for its application and
acceptable risk parameters.

		Mike

