Re: SOI QUESTIONS: 2.3 Perfect forward secrecy (PFS)

[Henry Spencer <henry@spsystems.net>]

On Thu, 20 Jun 2002, Paul Koning wrote:
> >   They migrate from distributing opaque blobs of hex digits that must be
> > kept private to distributing opaque blobs of base64 digits that do not
> > benefit from staying private, but it doesn't hurt them either.
> >   Can they tell the difference? The length is a bit longer.
> 
> A LOT longer.  Long enough that -- unlike preshared keys -- you cannot
> enter them manually.

Although, as has been noted before, it's quite conceivable to generate RSA
keys from preshared keys in some standard, systematic way.  There are two
separate issues here:  the bits on the wire, and the user interface. 
Wanting a simple shared-secret user interface doesn't mean it has to be
reflected in the on-the-wire protocol.

> >   Everyone please repeat: PK does not require I to be useful.
> 
> True.  But PK, even if all you ever use is selfsigned certs, still
> needs a lot more near-incomprehensible concepts than preshared keys
> do.

How many are required if all you ever use is RSA keys?  (PK does not
require certificates either -- they are an artifact of the "I" part.)

                                                          Henry Spencer
                                                       henry@spsystems.net