
Re: SOI: identity protection and DOS



The 'pre-shared key' will need 500^2 for a full mesh of the 500 devices if
the 'pre-shared key' is a symmetric key.

However, the 'preshared public key' (self-cert is an example) is a different
story.

--- David

----- Original Message -----
From: "Derek Atkins" <warlord@mit.edu>
To: <andrew.krywaniuk@alcatel.com>
Cc: "'Paul Hoffman / VPNC'" <paul.hoffman@vpnc.org>;
<ipsec@lists.tislabs.com>
Sent: Tuesday, November 27, 2001 11:36 PM
Subject: Re: SOI: identity protection and DOS


> "Andrew Krywaniuk" <andrew.krywaniuk@alcatel.com> writes:
>
> > Actually, I forgot to mention the point that PK crypto only scales well
> > when you have a CA. Sharing your self-signed cert with 500 people is no
> > easier than sharing 500 different preshared keys.
>
> Actually, that's not true.  If you have a full mesh of 500 people
> sharing keys, then with shared secrets you have 500^2 == 250,000
> shared keys (assuming each pair share a unique key).  OTOH with public
> keys (preshared or otherwise) you only need a total of 500 keys in the
> system.
>
> How the public keys are verified (either by CA validation or by
> pre-sharing them and validating by hand) is irrelevant to this
> particular discussion.
>
> -derek
> --
>        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>        Member, MIT Student Information Processing Board  (SIPB)
>        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>        warlord@MIT.EDU                        PGP key available
>
>

