----- Original Message -----
From: Wang, Cliff
Sent: Monday, December 03, 2001 10:59 PM
Subject: RE: On shared keys (was RE: SOI: identity protection and DOS)

David,

As I said earlier, let me summarize my discussion and hopefully stop this thread.

Based on the assumptions (no CA, out-of-band delivery, for full mesh or hub-spoke) and my analysis result, I failed to see the scalability advantage of RSA public keys based on the comparison numbers. It is not important for me to convince you or not. However, it is important to do an accurate analysis based on the assumptions. From the result, the readers of this thread can decide for themselves. The numbers and facts will speak for themselves, whether there is an advantage or not, right?

Thank you for your discussion.

-----Original Message-----
From: david chen [mailto:ietf_davidchen@hotmail.com]
Sent: Monday, December 03, 2001 6:16 PM
To: Wang, Cliff; Sandy Harris; 'IPsec WG'
Subject: Re: On shared keys (was RE: SOI: identity protection and DOS)

Cliff,

You know the remote-access and IP 'back-bone' are the topologies of spoke-hub and mesh.
You know the assumptions are no CA and using an out-of-band secured channel for both RSA and symmetric keys.
It is clear that, given the same topology and key delivery method, RSA public keys are much more scalable than symmetric keys.

If cert/PKI/CA ultimately depends on a "self-signed cert", the PKI model is no better than the pre-shared model and is worse due to its complexity.
But this is another discussion.

--- David

----- Original Message -----
From: Wang, Cliff
Sent: Monday, December 03, 2001 5:41 PM
Subject: RE: On shared keys (was RE: SOI: identity protection and DOS)

David,

1) My analysis is on scalability, using hub-spoke and full mesh as two cases, since they represent the two ends of the spectrum. It is NOT my intention to compare the topologies themselves.

2) Key distribution is the most demanding and critical job. Without PKI, there is no clear scalability advantage of using public keys. That's why PKI is introduced.

3) Let's stop the thread here since enough facts and analysis have been presented. People on the list are able to draw their own conclusions based on the analysis. It is much less important for us to agree with each other.

-----Original Message-----
From: david chen [mailto:ietf_davidchen@hotmail.com]
Sent: Monday, December 03, 2001 5:14 PM
To: Wang, Cliff; Sandy Harris; 'IPsec WG'
Subject: Re: On shared keys (was RE: SOI: identity protection and DOS)

Cliff,

As in communication, topology first.
It was you who brought up hub-spoke against mesh.

1) I don't find anyone claiming they don't want to have more than one secure link.
Since RSA is the same (as symmetric) in hub-spoke and better in mesh, it is clear to me RSA is better.

2) For pre-shared RSA keys and pre-shared symmetric keys, the delivery method is through the same "out-of-band" secured channel.
This was the assumption.
It assumed no CA and doesn't need it.

3) Operational cost has different meanings for different professions.
Let's define it as the computational cost; and that is *ultimately* mathematically bound (since it is 'computation'. :-)
The crypto algorithm, number of transactions, protocol used, ... (and others) are all factors of the computational cost.
Can't be done this way (in e-mail) unless you have a paper/URL pointer in mind.

--- David

----- Original Message -----
From: Wang, Cliff
Sent: Monday, December 03, 2001 4:15 PM
Subject: RE: On shared keys (was RE: SOI: identity protection and DOS)

See my comments inline.

-----Original Message-----
From: david chen [mailto:ietf_davidchen@hotmail.com]
Sent: Monday, December 03, 2001 3:46 PM
To: Wang, Cliff; Sandy Harris; 'IPsec WG'
Subject: Re: On shared keys (was RE: SOI: identity protection and DOS)

Cliff,

Let's look at this example with some further definition to show why RSA is more scalable than symmetric keys.

1) First let's compare the case where all keys are stored in a server:

a) full-meshed topology:
It's clear that the number of RSA public keys is much less than the number of symmetric keys, in terms of number and of device/public-key association vs. link/public-key association.
In addition, for the RSA public key model, the server in each realm can exchange the stored id/public-key info without compromising any privacy of the involved devices. It is scalable in that it can incorporate as many servers of realms as there are in the Internet.

[--------cliff-----] I have already said if you just compare the number of keys, RSA wins, in the case of a full mesh. But there are other issues in the comparison, other than just the number of keys needed. Without CA/cert, the public key/ID binding is questionable. Also this binding/security topic is off the scalability issue that my comparison focuses on, within a single realm. If you want to expand the comparison to cross-realm, I can do another number comparison.

b) star topology:
Approx. the same number of keys stored for both methods.
However, the star topology is not as scalable as the full-meshed topology:
Hub-spoke topology limits the spoke to having only 1 secure link.
It is difficult for a device to join across two different spoke-hubs.
Hence, it is only good for a small realm and is not as scalable as a meshed model.
Hub-spoke is not the Internet's (IP) favorite topology, not to mention a secured Internet.

[------cliff------] Again, you are off the topic. We are not talking about the topology comparison, full mesh vs hub-spoke. Contrary to your claim, in our real-world deployment experience, hub-spoke is much more popular. The reason I did both full mesh and hub-spoke is because they represent the two ends of the spectrum.

2) What if no server is used?
(This means no 3rd-party's help and no out-of-band secure channel.)
Both the pre-shared RSA and symmetric keys have the same issue of mutual authentication at the beginning...

[--------cliff-----] If you name a key delivery scheme, we can do a number comparison, as I did before.

Operational cost is a factor of mathematical efficiency; there are lots of algorithms/variations for symmetric and asymmetric keys.

[--------cliff-----] Agree. That's why you need to make your assumptions first. But key delivery cost is quite independent of mathematics and probably the most demanding job in terms of scalability.

Let's deal with topology first.

--- David

----- Original Message -----
From: Wang, Cliff
Sent: Monday, December 03, 2001 2:17 PM
Subject: RE: On shared keys (was RE: SOI: identity protection and DOS)

David,

I have been trying to convince people that RSA public key operation provides no clear scalability advantage over symmetric keys. So let me do an orange-to-orange comparison again using a full mesh and a hub-spoke case. I am only willing to agree with your saying that RSA is better in scalability if such a comparison proves it.

Assumptions:
1) No CA
2) RSA key pair generated in device. Symmetric key generated in server.
3) Server needs to deliver either public key or symmetric key.

Case 1: Full mesh: N*(N-1)/2 tunnels

                                    RSA              PSK
1) total number of keys             N key pairs      N*(N-1)/2 PSK
2) key generation cost              high             low
3) number of key deliveries         N*(N-1)          N*(N-1)
4) key storage on the box           1 private key    N-1 PSK
                                    N public keys
5) authentication calculation cost  high             low
6) keys on server                   N public keys    N*(N-1)/2 (usually not stored)

Case 2: Hub-spoke: N-1 tunnels

                                    RSA              PSK
1) total number of keys             N key pairs      N-1 PSK
2) key generation cost              high             low
3) number of key deliveries         (N-1)*2          (N-1)*2
4) key storage on the box
     hub                            N public keys    N-1 PSK
     spoke                          2 public keys    1 PSK
5) authentication calculation cost  high             low
6) keys on server                   N public keys    N-1 (usually not stored)

So if you are only considering the total number of keys, RSA wins. If you look at the overall operation cost, the comparison speaks for itself. Unfortunately, there is a lack of scalability advantage for RSA.
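As an added illustration that is not part of any post in this thread, the following Python turns the counts in Cliff's two tables into functions of N, so the linear-versus-quadratic growth in total keys and the identical key-delivery counts can be checked for any realm size. The function names and dictionary layout are my own; the formulas and assumptions (no CA, RSA key pairs generated on the device, symmetric keys generated on a server that delivers either kind of key out-of-band) are the ones stated in the message above.

```python
"""Key-count model for the full-mesh vs hub-spoke comparison.

Added example, not from the mailing-list posts. It encodes the formulas
Cliff lists for pre-shared RSA public keys versus pre-shared symmetric
keys (PSK) in a realm of N devices, with no CA and out-of-band delivery.
"""


def full_mesh(n):
    """Counts for N devices where every pair of devices has a tunnel."""
    tunnels = n * (n - 1) // 2
    return {
        "tunnels": tunnels,
        "rsa": {
            "total_keys": n,                 # one key pair per device
            "deliveries": n * (n - 1),       # each device receives N-1 public keys
            "per_device_private": 1,
            "per_device_public": n,          # as listed in the table
            "on_server": n,
        },
        "psk": {
            "total_keys": tunnels,           # one symmetric key per tunnel
            "deliveries": n * (n - 1),       # each tunnel key goes to both ends
            "per_device": n - 1,
            "on_server": tunnels,            # usually not kept after delivery
        },
    }


def hub_spoke(n):
    """Counts for one hub and N-1 spokes; each spoke tunnels only to the hub."""
    tunnels = n - 1
    return {
        "tunnels": tunnels,
        "rsa": {
            "total_keys": n,
            "deliveries": 2 * (n - 1),       # hub gets N-1 keys, each spoke gets the hub's
            "hub_public": n,
            "spoke_public": 2,
            "on_server": n,
        },
        "psk": {
            "total_keys": tunnels,
            "deliveries": 2 * (n - 1),
            "hub": n - 1,
            "spoke": 1,
            "on_server": tunnels,
        },
    }


def deliveries_match(n):
    """True when RSA and PSK need the same number of out-of-band deliveries
    in both topologies; this is the cost Cliff calls the demanding job."""
    fm, hs = full_mesh(n), hub_spoke(n)
    return (fm["rsa"]["deliveries"] == fm["psk"]["deliveries"]
            and hs["rsa"]["deliveries"] == hs["psk"]["deliveries"])


def full_mesh_key_ratio(n):
    """PSK keys per RSA key pair in a full mesh: (N-1)/2, i.e. the only
    place in the tables where the two schemes diverge as N grows."""
    fm = full_mesh(n)
    return fm["psk"]["total_keys"] / fm["rsa"]["total_keys"]


def growth_rows(sizes):
    """Rows of (N, mesh PSK keys, mesh RSA pairs, deliveries) for a quick look
    at how each column scales; same delivery count applies to both schemes."""
    rows = []
    for n in sizes:
        fm = full_mesh(n)
        rows.append((n, fm["psk"]["total_keys"], fm["rsa"]["total_keys"],
                     fm["rsa"]["deliveries"]))
    return rows


if __name__ == "__main__":
    for row in growth_rows([5, 10, 100, 1000]):
        print("N=%d  mesh PSK keys=%d  mesh RSA pairs=%d  deliveries=%d" % row)
```

Running it with a few realm sizes shows the point both sides of the thread circle around: the total number of PSKs in a mesh grows as N*(N-1)/2 while RSA key pairs grow as N, but the number of out-of-band deliveries is N*(N-1) for either scheme, which is why Cliff argues that key delivery, not key count, is the scalability bottleneck without a CA.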