[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SOI: identity protection and DOS
The 'pre-shared key' will need 500^2 for a full mesh of the 500 device if
the 'pre-shared key' is symetric keys.
However, the 'preshared public key' (self-cert is an example) is a different
story.
--- David
----- Original Message -----
From: "Derek Atkins" <warlord@mit.edu>
To: <andrew.krywaniuk@alcatel.com>
Cc: "'Paul Hoffman / VPNC'" <paul.hoffman@vpnc.org>;
<ipsec@lists.tislabs.com>
Sent: Tuesday, November 27, 2001 11:36 PM
Subject: Re: SOI: identity protection and DOS
> "Andrew Krywaniuk" <andrew.krywaniuk@alcatel.com> writes:
>
> > Actually, I forgot to mention the point that PK crypto only scales well
when
> > you have a CA. Sharing your self-signed cert with 500 people is no
easier
> > than sharing 500 different preshared keys.
>
> Actually, that's not true. If you have a full mesh of 500 people
> sharing keys, then with shared secrets you have 500^2 == 250,000
> shared keys (assuming each pair share a unique key). OTOH with public
> keys (preshared or otherwise) you only need a total of 500 keys in the
> system.
>
> How the public keys are verified (either by CA validation or by
> pre-sharing them and validating by hand) is irrelevant to this
> particular discussion.
>
> -derek
> --
> Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
> Member, MIT Student Information Processing Board (SIPB)
> URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
> warlord@MIT.EDU PGP key available
>
>
References: