Re: On shared keys (was RE: SOI: identity protection and DOS)
"Wang, Cliff" <CWang@smartpipes.com> writes:
> If you pre-share peer's public key instead of using CA, then it is the same
> n*(n-1) scale.
> It is no better than pre-shared key in scalability.
No, because unlike symmetric keys you do NOT need a unique key per
peer with public/private keys. Each node has one key-pair and all
peers get a copy of the public key. So there are only N keys (well,
technically 2*N keys, N public keys and N private keys ;) But this
is still better than the N*(N-1)/2 symmetric keys.
-derek
> -----Original Message-----
> From: Derek Atkins [mailto:warlord@MIT.EDU]
> Sent: Friday, November 30, 2001 4:17 PM
> To: Wang, Cliff
> Cc: 'david chen'; Sandy Harris; 'IPsec WG'
> Subject: Re: On shared keys (was RE: SOI: identity protection and DOS)
>
>
> "Wang, Cliff" <CWang@smartpipes.com> writes:
>
> > 3) why each device needs to have 499 public keys? They are contained
> > in each box's cert and delivered as part of IKE exchange.
>
> You pre-share the keys so you don't need a Certification Authority.
>
> Basically, if I have a copy of your driver's license in my possession, then
> in order to verify your driver's license I just need to compare it to my
> copy. That way I don't have to go ask the DMV to verify it for me, I've
> cached that verification locally (by storing a copy).
>
> -derek
>
> --
> Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
> Member, MIT Student Information Processing Board (SIPB)
> URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
> warlord@MIT.EDU PGP key available
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available