[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: On shared keys (was RE: SOI: identity protection and DOS)
Derek Atkins writes:
> Michael Thomas <mat@cisco.com> writes:
>
> > I don't think I agree if by Internet-wide you mean
> > any-any scaling. I frankly don't think that such a
> > thing exists, or is likely to exist. Thus while PK
> > exchanges give many useful properties, enrollment,
> > compromise, and administration are still problems
> > for both. Indeed, the only thing in existence
> > right now that scales to any appreciable degree is
> > *not* based on asymmetric keys (GSM). It seems to
> > scale well enough for its application and
> > acceptible risk parameters.
>
> Except that keys are transmitted between "countries" in clear-text...
Far be it for me to defend telco standards, but
the key is acceptible risk. In any case, all I
really meant to dispute is that you can't build
scalable strong auth systems without PKI. It's
manifestly possible.
Mike
References: