
RE: On shared keys (was RE: SOI: identity protection and DOS)



It depends on how you see things. I agree that you only need to have 2N keys
in existence.
But from a usage/implementation/deployment point of view, you are still
dealing with n*(n-1) key deliveries. The only difference is that you deliver the
same public key (N-1) times to N boxes in the case of RSA, but you deliver
(N-1)*N/2 different keys in the PSK case, assuming we are talking about a full mesh
relationship.

Maybe we see things from different viewpoints. Mathematically, you are
right about the number of keys needed.
From an operational point of view, I see no scalability advantage, in terms of
key generation (an RSA key pair is much more expensive than a random symmetric
key), in terms of delivery, in terms of usage, or in terms of storage.

So I guess we need to make clear what the assumption of the discussion is
when we claim a scalability advantage: mathematically, or in real-world
applications.


-----Original Message-----
From: Derek Atkins [mailto:warlord@MIT.EDU] 
Sent: Friday, November 30, 2001 5:00 PM
To: Wang, Cliff
Cc: 'david chen'; Sandy Harris; 'IPsec WG'
Subject: Re: On shared keys (was RE: SOI: identity protection and DOS)


"Wang, Cliff" <CWang@smartpipes.com> writes:

> If you pre-share the peer's public key instead of using a CA, then it is the
> same n*(n-1) scale.
> It is no better than a pre-shared key in scalability.

No, because unlike symmetric keys you do NOT need a unique key per peer with
public/private keys.  Each node has one key-pair and all peers get a copy of
the public key.  So there are only N keys (well,
technically 2*N keys, N public keys and N private keys ;)   But this
is still better than the N*(N-1)/2 symmetric keys.

-derek

> -----Original Message-----
> From: Derek Atkins [mailto:warlord@MIT.EDU]
> Sent: Friday, November 30, 2001 4:17 PM
> To: Wang, Cliff
> Cc: 'david chen'; Sandy Harris; 'IPsec WG'
> Subject: Re: On shared keys (was RE: SOI: identity protection and DOS)
> 
> 
> "Wang, Cliff" <CWang@smartpipes.com> writes:
> 
> > 3) why each device needs to have 499 public keys? They are contained
> > in each box's cert and delivered as part of IKE exchange.
> 
> You pre-share the keys so you don't need a Certification Authority.
> 
> Basically, if I have a copy of your driver's license in my possession, 
> then in order to verify your driver's license I just need to compare 
> it to my copy.  That way I don't have to go ask the DMV to verify it 
> for me, I've cached that verification locally (by storing a copy).
> 
> -derek
> 
> -- 
>        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>        Member, MIT Student Information Processing Board  (SIPB)
>        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>        warlord@MIT.EDU                        PGP key available

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available
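The two counts the thread argues over (distinct keys in existence versus
key-delivery operations for a full mesh) can be checked directly by modelling
the provisioning. The script below is an added example written for this
archive page; it is not code from either poster. It builds an N-gateway full
mesh under both schemes, counts what gets generated, delivered and stored, and
verifies the resulting key rings are consistent. The names gwN and the
provision_* / summarize functions are assumptions of the example, and the
"key pair" is a stand-in (a random private value whose public half is its
SHA-256), since only generation, delivery and storage counts matter here, not
the signature algorithm.

```python
# Added example (not from the thread): model full-mesh key provisioning for
# N IPsec gateways under pairwise PSKs vs. per-node key pairs with pre-shared
# public keys (no CA).
import hashlib
import secrets
from itertools import combinations, permutations


def provision_psk(nodes):
    """Pairwise pre-shared keys: one random 256-bit key per unordered pair,
    delivered to both ends. Returns (keys_generated, deliveries, keyring),
    where keyring[node][peer] is the key that node holds for that peer."""
    keyring = {n: {} for n in nodes}
    generated = deliveries = 0
    for a, b in combinations(nodes, 2):
        key = secrets.token_bytes(32)
        generated += 1
        keyring[a][b] = key   # delivery to a
        keyring[b][a] = key   # delivery to b
        deliveries += 2
    return generated, deliveries, keyring


def provision_pubkey(nodes):
    """One key pair per node, public half pre-shared to every peer.
    Assumption: the key pair is a stand-in (random private value, SHA-256 of
    it as the public half) because only the counts are being modelled.
    Returns (key_pairs_generated, deliveries, private, keyring)."""
    private = {n: secrets.token_bytes(32) for n in nodes}
    public = {n: hashlib.sha256(private[n]).digest() for n in nodes}
    keyring = {n: {} for n in nodes}
    deliveries = 0
    for owner, receiver in permutations(nodes, 2):
        keyring[receiver][owner] = public[owner]  # same key, delivered N-1 times
        deliveries += 1
    return len(private), deliveries, private, keyring


def mesh_is_consistent(nodes, psk_ring, private, pub_ring):
    """Every pair must share one PSK, and every node must hold a public half
    matching the owner's private half; True when both conditions hold."""
    for a, b in combinations(nodes, 2):
        if psk_ring[a][b] != psk_ring[b][a]:
            return False
    for owner, receiver in permutations(nodes, 2):
        if pub_ring[receiver][owner] != hashlib.sha256(private[owner]).digest():
            return False
    return True


def summarize(n):
    """Tally distinct secrets generated, delivery operations and per-node
    storage for a full mesh of n gateways under both schemes."""
    nodes = [f"gw{i}" for i in range(n)]   # hypothetical gateway names
    psk_gen, psk_deliv, psk_ring = provision_psk(nodes)
    pairs_gen, pub_deliv, private, pub_ring = provision_pubkey(nodes)
    if not mesh_is_consistent(nodes, psk_ring, private, pub_ring):
        raise RuntimeError("provisioning produced an inconsistent mesh")
    return {
        "psk": {
            "distinct_keys": psk_gen,                        # N*(N-1)/2
            "deliveries": psk_deliv,                         # N*(N-1)
            "keys_per_node": len(psk_ring[nodes[0]]),        # N-1
        },
        "pubkey": {
            "key_pairs": pairs_gen,                          # N (2N halves)
            "deliveries": pub_deliv,                         # N*(N-1)
            "peer_keys_per_node": len(pub_ring[nodes[0]]),   # N-1
        },
    }


if __name__ == "__main__":
    for n in (3, 50, 500):
        print(n, summarize(n))
```

With N=500, the 499 peer keys per box from the thread fall out of both
schemes, and so do the 249,500 delivery operations; what differs is the
124,750 distinct PSKs against 500 key pairs, which is exactly the
mathematical-versus-operational distinction the two posters are drawing.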