Re: SOI QUESTIONS: 2.3 Perfect forward secrecy (PFS)
On Thu, 20 Jun 2002, Tylor Allison wrote:
> ...Without
> a clear and concise mandate from this WG on the minimum requirements for
> PK/PKI, there will be interoperability problems...
Yes, and this is a problem... why, exactly? This just means that such a
solution must include such a clear and concise specification of how to
proceed. That doesn't seem contrary to the laws of physics; surely it can
be done.
> ...The same really can't be said for pre-shared keys...
> they are simple, straight-forward, and almost guaranteed to interoperate
> between any two vendors. Why throw it away?
Because there is a price, one that may not be worth paying.
I would be happier about adding/retaining a second authentication scheme
if it paid for itself in some other way too, e.g. the suggestion that a
well-designed shared-secret authentication scheme could also handle most
of the legacy-authentication problem.
Henry Spencer
henry@spsystems.net