
RE: On shared keys (was RE: SOI: identity protection and DOS)



If you pre-share the peer's public key instead of using a CA, then it is the same
n*(n-1) scale.
It is no better than a pre-shared key in scalability.

-----Original Message-----
From: Derek Atkins [mailto:warlord@MIT.EDU] 
Sent: Friday, November 30, 2001 4:17 PM
To: Wang, Cliff
Cc: 'david chen'; Sandy Harris; 'IPsec WG'
Subject: Re: On shared keys (was RE: SOI: identity protection and DOS)


"Wang, Cliff" <CWang@smartpipes.com> writes:

> 3) why each device needs to have 499 public keys? They are contained 
> in each box's cert and delivered as part of IKE exchange.

You pre-share the keys so you don't need a Certification Authority.

Basically, if I have a copy of your driver's license in my possession, then
in order to verify your driver's license I just need to compare it to my
copy.  That way I don't have to go ask the DMV to verify it for me, I've
cached that verification locally (by storing a copy).

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available
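To make the two trust models in this exchange concrete, here is an added Go example (not from the thread or from any IPsec/IKE implementation): in the pre-shared model a device pins every peer's public key and verifies a peer by comparing against its local copy, while in the CA model it stores one CA key and checks the CA's signature over the peer's (name, key) pair. The peer names, the Ed25519 keys and the certificate encoding are constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
)

// Pre-shared public keys: a device caches every peer's key and verifies a
// peer by comparing against its own copy (the cached driver's license).
type PinnedStore map[string]ed25519.PublicKey

// CA model: a device holds only the CA key and accepts any CA-signed (name, key).
type Cert struct {
	Name string
	Key  ed25519.PublicKey
	Sig  []byte // CA signature over certBody(Name, Key); constructed format
}

func certBody(name string, key ed25519.PublicKey) []byte {
	return append([]byte(name+"\x00"), key...)
}

func VerifyPinned(store PinnedStore, name string, key ed25519.PublicKey) bool {
	pinned, ok := store[name]
	return ok && pinned.Equal(key)
}

func VerifyCA(caPub ed25519.PublicKey, c Cert) bool { return ed25519.Verify(caPub, certBody(c.Name, c.Key), c.Sig) }

// TrustStoreEntries: keys stored across all n devices, per model.
func TrustStoreEntries(n int) (pinned, ca int) { return n * (n - 1), n }

// Scenario builds n peers with constructed keys and checks, from p0's view,
// that both models accept the real p1 and reject an unsigned key under p1's name.
func Scenario(n int) (okPinned, okCA, badPinned, badCA bool) {
	caPub, caPriv, _ := ed25519.GenerateKey(rand.Reader)
	store, certs := PinnedStore{}, map[string]Cert{}
	for i := 0; i < n; i++ {
		name := "p" + string(rune('0'+i)) // n <= 10 for this demo
		pub, _, _ := ed25519.GenerateKey(rand.Reader)
		certs[name] = Cert{name, pub, ed25519.Sign(caPriv, certBody(name, pub))}
		if i != 0 { // p0 pins the other n-1 keys
			store[name] = pub
		}
	}
	rogue, roguePriv, _ := ed25519.GenerateKey(rand.Reader)
	rogueCert := Cert{"p1", rogue, ed25519.Sign(roguePriv, certBody("p1", rogue))}
	return VerifyPinned(store, "p1", certs["p1"].Key), VerifyCA(caPub, certs["p1"]),
		VerifyPinned(store, "p1", rogue), VerifyCA(caPub, rogueCert)
}
```

With the thread's 500 boxes, TrustStoreEntries(500) gives 249500 pinned keys in total versus 500 copies of one CA key, which is the scaling point both sides are arguing about.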

