Re: PKI is weakly secure

Sam Hartman wrote:

>     Masataka> Given that CAs of PKI can be compromised as easily as
>     Masataka> ISPs of the Internet, PKI is merely weakly secure as
>     Masataka> weakly as the plain Internet.
> 
> I'd consider DH a fine strong security mechanism in a number of cases.

DH is, though not strong, pretty secure only *IF* you can securely
identify your peer.

If, for the identification, you use plain DNS or so-called secure
DNS, neither of which is strongly secure, a TCP sequence number gives
a proper level of security.

Stephen Kent wrote:

> The notion of CA compromise and ISP compromise are not completely 
> comparable, which makes your comparison suspect.

As I already mentioned, social attacks on employees of CAs and
ISPs are equally easy and readily comparable.

> Also, the security implications of errors (or sloppiness) by ISPs is 
> very different from that of CAs, so I don't think your comparison makes 
> sense in that regard as well.

Given the sloppiness of current DNS management, secure DNS CAs, which
is a PKI, will be no different from that of ISPs.

It is hard for you to recognize that most, if not all, of the effort
of IETF security area has been wasted in vain. But that's the
reality.

						Masataka Ohta

