
Re: On shared keys (was RE: SOI: identity protection and DOS)



Cliff,
You know the remote-access and IP 'back-bone' are the topologies of
spoke-hub and mesh.
You know the assumptions are no CA and using out-of-band secured channel for
both RSA and symmetric keys.
 
It is clear that, given the same topology and key delivery method,
RSA public keys are much more scalable than symmetric keys.
 
If cert/PKI/CA ultimately depends on a "self-signed cert",
the PKI model is no better than the pre-shared model and worse due to
its complexity.
 
But, this is another discussion.
 
--- David
 
----- Original Message -----
From: Wang, Cliff
To: 'david chen' ; Sandy Harris ; 'IPsec WG'
Sent: Monday, December 03, 2001 5:41 PM
Subject: RE: On shared keys (was RE: SOI: identity protection and DOS)

David,
 
1) my analysis is on scalability, using hub-spoke and full mesh as two cases, since they represent two ends of the spectrum. It is NOT my intention to compare the topologies themselves.
2) Key distribution is the most demanding and critical job. Without PKI, there is no clear scalability advantage of using public key. That's why PKI is introduced.
3) Let's stop the thread here since enough facts and analysis have been presented. People on the list are able to draw their own conclusions based on the analysis. It is much less important for us to agree with each other.
 
-----Original Message-----
From: david chen [mailto:ietf_davidchen@hotmail.com]
Sent: Monday, December 03, 2001 5:14 PM
To: Wang, Cliff; Sandy Harris; 'IPsec WG'
Subject: Re: On shared keys (was RE: SOI: identity protection and DOS)

Cliff,
As in communication, topology first.
It was you who brought up hub-spoke against mesh.
 
1) I don't find anyone claiming they don't want to have more than one secure link.
   
    Since RSA is the same (as symmetric) in hub-spoke and
    better in mesh, it is clear to me RSA is better.
 
2) For pre-shared RSA keys and pre-shared symmetric keys,
   the delivery methods are through the same "out-of-band" secured channel.
   This was the assumption.
   It assumed no CA and doesn't need one.
 
3) The operation cost has a different meaning for different professions.
    Let's define it as the computational cost; and that is *ultimately* mathematically bound.
    (since it is 'computation'. :-)
    The crypto-algorithm, number of transactions, protocol used, .. (and others) are all factors of
    the computational cost.
    Can't be done this way (in e-mail) unless you have a paper/URL pointer in mind.
 
--- David
 
----- Original Message -----
From: Wang, Cliff
To: 'david chen' ; Sandy Harris ; 'IPsec WG'
Sent: Monday, December 03, 2001 4:15 PM
Subject: RE: On shared keys (was RE: SOI: identity protection and DOS)

See my comments inline.
-----Original Message-----
From: david chen [mailto:ietf_davidchen@hotmail.com]
Sent: Monday, December 03, 2001 3:46 PM
To: Wang, Cliff; Sandy Harris; 'IPsec WG'
Subject: Re: On shared keys (was RE: SOI: identity protection and DOS)

Cliff,
Let's look at this example with some further definition to show why RSA is more
scalable than symmetric keys.
 
1) first let's compare that if all keys stored in  server:
a) full-meshed topology:
It's clear that the number of RSA public keys is much smaller than the number of symmetric keys,
and the device/public-key association differs from the link/public-key association.
In addition, for the RSA public key model,
the server in each realm can exchange the stored id/public-key info without compromising
any privacy of the involved devices.  It is scalable in that it can incorporate as many
realm servers as there are on the internet.
 
[--------cliff-----] I have already said if you just compare the number of keys, RSA wins, in the case of a full mesh. But there are other issues in the comparison, other than just the number of keys needed.
 
Without CA/cert, the public key/ID binding is questionable.  Also this binding/security topic is off the scalability issue that my comparison focuses on, within a single realm. If you want to expand the comparison to cross-realm, I can do another number comparison.
 
b) star topology:
Approximately the same number of keys are stored for both methods.
However, the star topology is not as scalable as the full-meshed topology:
Hub-spoke topology limits each spoke to only 1 secure link.
It is difficult for a device to join across two different spoke-hubs.
Hence, it is only good for a small realm and is not as scalable as a meshed model.
Hub-spoke is not the internet's (IP) favorite topology, not to mention
a secured internet.
 
[------cliff------] again, you are off the topic. We are not talking about the topology comparison, full mesh vs hub-spoke.
Contrary to your claim, in our real-world deployment experience, hub-spoke is much more popular.
The reason I did both full mesh and hub-spoke is because they represent two ends of the spectrum.
 
 
 
2) what if no server is used. (this means no 3rd-party's help and
    no out-of-band secure channel)
Both the pre-shared RSA and symmetric key have the same issue of
mutual authentication at the beginning...
 
[--------cliff-----] if you name a key delivery scheme, we can do a number comparison, as I did before.
 
 
 
Operational cost is a factor of mathematical efficiency; there are lots of algorithms/variations
for symmetric and asymmetric keys.
 
[--------cliff-----] agree. That's why you need to make your assumption first. But key delivery cost is quite independent of mathematics and probably the most demanding job in terms of scalability.
 
 
 
Let's deal with topology first.
 
--- David
 
 
 
 
----- Original Message -----
Sent: Monday, December 03, 2001 2:17 PM
Subject: RE: On shared keys (was RE: SOI: identity protection and DOS)

David,
 
I have been trying to convince people that RSA public operation provides no clear scalability advantage over symmetric key. So let me do an orange-to-orange comparison again using a full mesh and a hub-spoke case. I am only willing to agree with your saying that RSA is better in scalability if such comparison proves it.
 
Assumption:
1) No CA
2) RSA key pair generated in device. Symmetric key generated in server.
3) Server needs to deliver either public key or symmetric key.
 
case 1:  Full mesh:  N*(N-1)/2  tunnels 
 
                                  RSA                  PSK
1) total number of keys           N key pair           N*(N-1)/2 PSK
2) key generation cost            high                 low
3) number of key delivery         N*(N-1)              N*(N-1)
4) key storage on the box         1 private key        N-1 PSK
                                  N public key
5) authentication calculation     high                 low
   cost
6) key on server                  N public key         N*(N-1)/2 (usually not stored)
 
 
case 2 : hub-spoke :  N-1 tunnels
 
                                  RSA                  PSK
1) total number of keys           N key pair           N-1 PSK
2) key generation cost            high                 low
3) number of key delivery         (N-1)*2              (N-1)*2
4) key storage on the box
   hub                            N public key         N-1 PSK
   spoke                          2 public key         1 PSK
5) authentication calculation     high                 low
   cost
6) key on server                  N public key         N-1 (usually not stored)
 
So if you are only considering the total number of keys, RSA wins. If you look at overall operation cost, the comparison speaks for itself. Unfortunately, there is a lack of scalability advantage for RSA.
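As an added illustration, not part of the thread and not written by either correspondent: a small Python model of the key-distribution counts in the two tables above, so the N*(N-1)/2 vs N-1 rows can be checked for any N rather than read off the formulas. The modelling choices are mine and follow Cliff's stated assumptions (no CA; RSA pairs generated on the device with the server only relaying public keys; PSKs generated on the server and delivered to both ends of a link); two further choices are assumptions of this model only: device 0 plays the hub, and a box's own public key is counted in its storage, which is how the table reaches "N public key" per box.

```python
# Added example (not from the IPsec thread): simulate key distribution for
# N devices under full mesh or hub-spoke, with RSA public keys or PSKs, and
# count what each box, and the server, ends up holding.
# Assumptions of this model: no CA; RSA key pairs are generated on the device
# and the server only relays public keys; PSKs are generated on the server and
# delivered to both link ends; device 0 is the hub; a box's own public key
# counts toward its storage (as in the table's "N public key" row).
from itertools import combinations


def tunnels(n, topology):
    """Set of (a, b) device pairs that need a secure link."""
    devices = range(n)
    if topology == "mesh":
        return set(combinations(devices, 2))          # N*(N-1)/2 links
    if topology == "hub-spoke":
        return {(0, d) for d in devices if d != 0}    # N-1 links, hub is device 0
    raise ValueError(f"unknown topology {topology!r}")


def distribute(n, topology, scheme):
    """Simulate key distribution.

    Returns (keyring, server, deliveries): the set of key ids held by each
    device, the set of keys the server holds, and how many key deliveries
    the server had to make.
    """
    links = tunnels(n, topology)
    keyring = {d: set() for d in range(n)}
    server = set()
    deliveries = 0
    if scheme == "RSA":
        # Every device generates its own pair; the server collects the public half.
        for d in range(n):
            keyring[d].update({("priv", d), ("pub", d)})
            server.add(("pub", d))
        # For each link the server delivers each end's public key to the other end.
        for a, b in links:
            for holder, peer in ((a, b), (b, a)):
                keyring[holder].add(("pub", peer))
                deliveries += 1
    elif scheme == "PSK":
        # The server generates one secret per link and delivers it to both ends.
        for a, b in links:
            key = ("psk", a, b)
            server.add(key)
            for end in (a, b):
                keyring[end].add(key)
                deliveries += 1
    else:
        raise ValueError(f"unknown scheme {scheme!r}")
    return keyring, server, deliveries


def summarize(n, topology, scheme):
    """The countable rows of the comparison tables, computed for this N."""
    keyring, server, deliveries = distribute(n, topology, scheme)
    per_box = [len(keys) for keys in keyring.values()]
    return {
        "tunnels": len(tunnels(n, topology)),
        # N key pairs for RSA; N-1 or N*(N-1)/2 secrets for PSK
        "total_keys": n if scheme == "RSA" else len(server),
        "deliveries": deliveries,
        "max_keys_on_box": max(per_box),   # the hub, or any mesh node
        "min_keys_on_box": min(per_box),   # a spoke, or any mesh node
        "keys_on_server": len(server),     # for PSK: only if the server keeps them
    }


if __name__ == "__main__":
    for n in (5, 50, 500):
        for topology in ("mesh", "hub-spoke"):
            for scheme in ("RSA", "PSK"):
                print(n, topology, scheme, summarize(n, topology, scheme))
```

Running it reproduces the two tables: deliveries are identical for RSA and PSK in both topologies (N*(N-1) and (N-1)*2), while the quantity that grows quadratically for PSK in a full mesh is the number of distinct secrets the server must generate and, if it keeps them, store; per-box storage is N-1 PSKs against 1 private plus N public keys, so it grows linearly in N either way.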
 
 
 