[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: On shared keys (was RE: SOI: identity protection and DOS)
At 01:34 AM 11/27/2001 +0200, Hugo Krawczyk wrote:
>Everyone agrees that public key is the ONLY way to a scalable
>Internet-wide protocol. No question about it. In particular,
>any key-exchange protocol for IPsec MUST provide a PK-based exchange.
>
No. I STRONGLY disagree. I'll give a counter example. The banking
ATM network uses DES keys. It has scaled, in practice, world wide.
And BTW, it's security & trust model is excellent. Have you ever heard
of a major compromise, say on the scale of 25,000 card #'s being stolen
(like with Visa?). Certainly nobody distrusts it because it uses
symmetric keys for authentication. In fact I'm certain YOU trust it
at least a couple a times a month. :-)
- Alex
--
Alex Alten
Alten@Home.Com
Follow-Ups:
References: