
Re: On shared keys (was RE: SOI: identity protection and DOS)



Alex Alten wrote:

> I will re-iterate my position.  If a network security system is properly
> designed then either Public Key or Symmetric/Private Key cryptography
> will work fine in establishing trust.

So far, so good.

> I furthermore claim that Symmetric/Private Key cryptography
> will scale to great numbers of users

Sorry, but this is nonsense. The classic problem with symmetric crypto is
key management. It neither scales well nor works well across administrative
boundaries.

Consider n sites which all want to communicate.

For symmetric ciphers, you need n*(n-1)/2 unique keys, each of which is
known to exactly two players and none of the others. Moreover, you have
to communicate those keys securely to the second player in each case, and
then keep it secure on both systems.

With public key, you need only n key pairs. There is no need to communicate
keys securely; the system is designed to work even if the enemy knows the
public keys. Nor do you have to manage security for multiple keys, or keep
track of who each key is shared with. You just need to keep your private
key secure, not shared with anyone.
  
Of course you can build a Kerberos-like system using symmetric ciphers
that has many of the advantages of public key. Using a central key server
reduces the number of keys to n client-to-server keys and may simplify
management. However, I doubt such a centralised model is appropriate for
Internet infrastructure.

> and I use the bank ATM secure network using DES as an excellent example.
> ...

I think that's an irrelevant example. A tightly controlled single purpose
terminal-to-mainframe network under a single administrative authority
bears no useful resemblance to the Internet. Someone gave a good detailed
analysis earlier in the thread. You should re-read it.

> As far as I'm concerned this should be the end of the discussion

I agree, but for opposite reasons.

> about whether or not Symmetric/Private Key cryptography can scale to
> large numbers of users in an efficient, easy to use by ordinary people,
> inexpensive to implement manner and interoperable between devices made
> by different manufacturers and maintained by different organizations.
> It has been done for the past 20 years by what is probably the most
> successful world-wide commercial networked security system.
> 
> Anyone who still claims that Public Key is superior to Symmetric/Private Key
> cryptography, or that it is the only way to scale, is a *damn fool* and should
> be treated as such.

How about "obviously superior for some purposes, including most key
distribution applications" and "almost always the best way to build
scalable systems"? 

Methinks you'll consider me a fool. I heartily return the sentiment.
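
The key-management comparison in the message above, worked through as an added example (not part of the original post): it builds the key material for n sites under the three models the message names and counts, from the resulting keyrings, how many secrets exist, how many copies had to travel over a secure channel, and how many secrets the busiest party must protect. The function names and 16-byte random keys are assumptions, and random bytes stand in for a private key; no real key pair is generated.

```python
import secrets
from itertools import combinations

def new_key():
    # Constructed stand-in for any secret key (symmetric key or private key).
    return secrets.token_bytes(16)

def pairwise(n):
    """One secret per pair of sites, known to exactly those two sites."""
    return {new_key(): {a, b} for a, b in combinations(range(n), 2)}

def key_server(n):
    """Kerberos-like: each site shares one long-term key with a central server."""
    return {new_key(): {site, "server"} for site in range(n)}

def public_key(n):
    """One key pair per site; only the private half is secret and it is never shared."""
    return {new_key(): {site} for site in range(n)}

def metrics(holders):
    """holders maps each secret to the set of parties that must know it."""
    per_party = {}
    for parties in holders.values():
        for p in parties:
            per_party[p] = per_party.get(p, 0) + 1
    return {
        "secrets": len(holders),
        # Every copy beyond the first holder had to be delivered securely.
        "secure_deliveries": sum(len(p) - 1 for p in holders.values()),
        # Largest number of secrets any single party has to store and track.
        "max_held_by_one_party": max(per_party.values()),
    }

def compare(n):
    return {
        "pairwise": metrics(pairwise(n)),
        "key_server": metrics(key_server(n)),
        "public_key": metrics(public_key(n)),
    }

if __name__ == "__main__":
    for n in (10, 100, 1000):
        for model, m in compare(n).items():
            print(f"n={n:<5} {model:<11} {m}")
```

In the key-server rows the party holding the most secrets is the server itself, which holds one key per site.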

