[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: On shared keys (was RE: SOI: identity protection and DOS)

To: "Wang, Cliff" <CWang@smartpipes.com>
Subject: Re: On shared keys (was RE: SOI: identity protection and DOS)
From: Derek Atkins <warlord@mit.edu>
Date: 30 Nov 2001 16:16:33 -0500
Cc: "'david chen'" <ietf_davidchen@hotmail.com>, Sandy Harris <sandy@storm.ca>, "'IPsec WG'" <ipsec@lists.tislabs.com>
In-Reply-To: "Wang, Cliff"'s message of "Fri, 30 Nov 2001 19:49:31 -0000"
References: <4652644B98DFF34696801F8F3070D3FE01188470@D2CSPEXM001.smartpipes.com>
Sender: owner-ipsec@lists.tislabs.com

"Wang, Cliff" <CWang@smartpipes.com> writes:

> 3) why each device needs to have 499 public keys? They are contained in each
> box's cert and delivered as part of IKE exchange.

You pre-share to keys so you don't need a Certification Authority.

Basically, if I have a copy of your driver's license in my posession,
then in order to verify your driver's license I just need to compare
it to my copy.  That way I don't have to go ask the DMV to verify it
for me, I've cached that verification locally (by storing a copy).

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available

References:

RE: On shared keys (was RE: SOI: identity protection and DOS)

From: "Wang, Cliff" <CWang@smartpipes.com>

Prev by Date: Re: On shared keys (was RE: SOI: identity protection and DOS)
Next by Date: Re: CBC makes Implementations too Slow.
Prev by thread: RE: On shared keys (was RE: SOI: identity protection and DOS)
Next by thread: Re: On shared keys (was RE: SOI: identity protection and DOS)
Index(es):
- Main
- Thread