RE: PKI is weakly secure (was Re: Updating the rules?)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Title: Re: PKI is weakly secure (was Re: Updating the rules?)
From a business point of view I am equally happy selling symmetric key, KDC type approaches as PKI. In point of fact I am currently co-chair of a working group that is developing a symmetric key protocol.
 
However there are very few security advantages in the KDC model (e.g. resistance of symmetric key crypto to quantum cryptanalysis), plenty of security disadvantages (much more limited hardware support, not possible to apply same separation of duties controls) and some really serious operational constraints.
 
From a historical point of view it is certainly true that we probably made a mistake in the original conception of PKI as making the KDC model obsolete. A synthesis of the two approaches would have been much more valuable. In particular if SSL had supported kerberos ticket like capabilities from the start. We later added KDC type capabilities to PKI with protocols like XKMS and OCSP.
 
But the argument here strikes me as little more than an emacs/vi contest.
 
 
Regardless of the technical infrastructure you employ you still have to map the network identifiers to real world identities. And that is an excercise that requires expense and consistency and attention to detail and is as boring as sin for the people actually doing it.
 
Proposals to do away with commercial PKI come in two flavors. The first is technological magic which is founded not on a misunderstabing of the problem but a complete failure to understand that the problem exists. The second is the open source effort objection which is pretty much as viable as an open source effort to do people's tax returns for them.
 

 

From: Masataka Ohta [mailto:mohta@xxxxxxxxxxxxxxxxxxxxxxxxxx]
Sent: Wed 11/07/2007 5:04 AM
To: Eliot Lear
Cc: Douglas Otis; IETF discussion list
Subject: Re: PKI is weakly secure (was Re: Updating the rules?)

Eliot Lear wrote:

> What I was referring to was
> Ohta-san's implication that PKI is fundamentally flawed.  Perhaps it is,

Perhaps.

Though my statement so far is PKI is not strongly secure, it implies
that you can choose from equally secure design alternatives.

See below.


> but I don't see anything better for key distribution to millions of
> people.  If you, he, or anyone else comes up with something better, I'm
> all ears.

Though I'm not so sure about your requirement, if you need fairly
secure key distribution mechanism over the Internet, KDC, not CA,
based schems such as Kerberos, is better than PKI.

Though KDCs require real time communication, it's free over the
Internet.

Moreover, because key distribution is in real time, key invalidation
is instantaneous without complex mechanisms such as CRLs. That is, you
can shutdown spam site instantaneously.

Or, as you are trying to create a new key distribution network from
the beginning, it should be easier to create a new mail distribution
network from the beginning where mails are allowed only between
pre-recognized bodies.

A very good property of this approach is that we don't need any
cryptography nor new protocol. Just have a list of IP addresses of
thousands or tens of thousands of root mail servers and set up our
mail software to accept mails only from them or our own proxy and
send mails only to them through proxies registered to a root mail
server or two or three...

Setting up a new mail network is hard but, IMHO, much easier than
setting up a new PKI.

Though neither of the above protect us spams from cracked accounts,
we are not annoyed by delays with CRLs.

Of course,  CAs, ISPs, KDCs and root mail servers are not very
trustworthy but they should increase the cost of spammers.

                                                Masataka Ohta


_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]