[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SOI: identity protection and DOS



"Andrew Krywaniuk" <andrew.krywaniuk@alcatel.com> writes:

> Actually, I forgot to mention the point that PK crypto only scales well when
> you have a CA. Sharing your self-signed cert with 500 people is no easier
> than sharing 500 different preshared keys.

Actually, that's not true.  If you have a full mesh of 500 people
sharing keys, then with shared secrets you have 500^2 == 250,000
shared keys (assuming each pair share a unique key).  OTOH with public
keys (preshared or otherwise) you only need a total of 500 keys in the
system.

How the public keys are verified (either by CA validation or by
pre-sharing them and validating by hand) is irrelevant to this
particular discussion.

-derek
-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available


Follow-Ups: References: