[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: On shared keys (was RE: SOI: identity protection and DOS)



At 01:34 AM 11/27/2001 +0200, Hugo Krawczyk wrote:
>Everyone agrees that public key is the ONLY way to a scalable
>Internet-wide protocol. No question about it. In particular,
>any key-exchange protocol for IPsec MUST provide a PK-based exchange.
>

No.  I STRONGLY disagree.  I'll give a counter example.  The banking
ATM network uses DES keys.  It has scaled, in practice, world wide.

And BTW, it's security & trust model is excellent.  Have you ever heard
of a major compromise, say on the scale of 25,000 card #'s being stolen
(like with Visa?).  Certainly nobody distrusts it because it uses
symmetric keys for authentication.  In fact I'm certain YOU trust it
at least a couple a times a month.  :-)

- Alex



--

Alex Alten
Alten@Home.Com



Follow-Ups: References: