Re: On shared keys (was RE: SOI: identity protection and DOS)

[Michael Thomas <mat@cisco.com>]

Derek Atkins writes:
 > Michael Thomas <mat@cisco.com> writes:
 > 
 > > I don't think I agree if by Internet-wide you mean
 > > any-any scaling. I frankly don't think that such a
 > > thing exists, or is likely to exist. Thus while PK
 > > exchanges give many useful properties, enrollment,
 > > compromise, and administration are still problems
 > > for both. Indeed, the only thing in existence
 > > right now that scales to any appreciable degree is
 > > *not* based on asymmetric keys (GSM). It seems to
 > > scale well enough for its application and
 > > acceptible risk parameters.
 > 
 > Except that keys are transmitted between "countries" in clear-text...

   Far be it for me to defend telco standards, but
   the key is acceptible risk. In any case, all I
   really meant to dispute is that you can't build
   scalable strong auth systems without PKI. It's
   manifestly possible.

		Mike

---

References:

• RE: SOI: identity protection and DOS
• From: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>
• On shared keys (was RE: SOI: identity protection and DOS)
• From: Hugo Krawczyk <hugo@ee.technion.ac.il>
• On shared keys (was RE: SOI: identity protection and DOS)
• From: Michael Thomas <mat@cisco.com>
• Re: On shared keys (was RE: SOI: identity protection and DOS)
• From: Derek Atkins <warlord@mit.edu>

---

• Prev by Date: SOI: selector exclusion lists/ranges
• Next by Date: Re: SOI: selector exclusion lists/ranges
• Prev by thread: Re: On shared keys (was RE: SOI: identity protection and DOS)
• Next by thread: Re: On shared keys (was RE: SOI: identity protection and DOS)
• Index(es):
  • Main
  • Thread