This can be said of any technology that is poorly managed.
So, you merely believe that the infrastructure of PKI is well
managed.
In all but a single instance I have no evidence to the contrary. The
one case of an exploit was extremely well publicized and ameliorated
within days. And that was years ago.
That's exactly why PKI is NOT strongly secure.
And this is an over-generalization. DH or any other technology is
just as easily insecure if the underlying keys are exposed.
You can believe that the infrastructure of the Internet is well
managed, equally easily.
Some is, and some isn't. That's my point. But here's a question:
what's the exposure in the case where some isn't?
On the other
hand, can you cite examples of a well known certificate (say one that I
might have found in Mozilla, Netscape, Firefox, etc) that has actually
been compromised?
Can you cite examples of a tier1 ISP that has actually been
compromised for active attack against DH?
No, but many have been compromised, whether they used DH (in who knows
what) or not. Furthermore, the comparison is not appropriate. DH is
merely an encryption method and speaks nothing to how longer lived keys
are exchanged (or not).
I know of precisely one example.
That's a lot more than enough.
Well, there have been car accidents, train accidents, plane accidents,
and boat accidents, as well as pedestrian accidents, and the most common
cause of accident - a kitchen accident. I take it you stay in your
bedroom all day?
Eliot
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf