Re: PKI is weakly secure (was Re: Updating the rules?)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




This can be said of any technology that is poorly managed.

So, you merely believe that the infrastructure of PKI is well
managed.

In all but a single instance I have no evidence to the contrary. The one case of an exploit was extremely well publicized and ameliorated within days. And that was years ago.

That's exactly why PKI is NOT strongly secure.

And this is an over-generalization. DH is or any other technology is just as easily insecure if the underlying keys are exposed.
You can believe that the infrastructure of the Internet is well
managed, eaqually easilly.

Some is, and some isn't. That's my point. But here's a question: what's the exposure in the case where some isn't?

On the other hand, can you cite examples of a well known certificate (say one that I might have found in Mozilla, Netscape, Firefox, etc) that has actually been compromised?

Can you cite examples of a tier1 ISP that has actually been
compromised for active attack against DH?

No, but many have been compromised, whether they used DH (in who knows what) or not. Furthermore, the comparison is not appropriate. DH is merely an encryption method and speaks nothing to how longer lived keys are exchanged (or not).

I know of precisely one example.

That's a lot more than enough.

Well, there have been car accidents, train accidents, plane accidents, and boat accidents, as well as pedestrian accidents, and the most common cause of accident - a kitchen accident. I take it you stay in your bedroom all day?

Eliot

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]