To:
Derek Atkins <warlord@MIT.EDU>
CC:
Randy Bush <randy@psg.com>, edlewis@arin.net, namedroppers@ops.ietf.org, dnsop@cafax.se, dnssec@cafax.se
From:
Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
Date:
Tue, 16 Jul 2002 15:45:40 +0859 ()
In-Reply-To:
<sjmit3gw4vn.fsf@kikki.mit.edu> from Derek Atkins at "Jul 16, 200202:42:20 am"
Sender:
owner-dnsop@cafax.se
Subject:
Re: dnssec discussion today at noon
Derek; > > By having KDC, we need as much secret key as necessary for PKI with CAs, > > though KDC as the trusted third party is as bogus as CAs. > > > > However, it is fine to have KDC as the trusted first or second party. > > No, it is not sufficient. The problem is that you cannot have a > long-term store-and-forward mechanism with secret-key technology. If > Alice wants to send a secure message to Bob using secret-key > encryption there is no way that Bob can prove to Charlie that Alice > sent the message without revealing their own secret key. I do assume all the related parties are online. > Negative. You want a key between A and D in order to maintain > confidentiality of the transaction. As you said; > I admit that I did not count ephemeral keys in the count, it's OK to have dynamically generated keys between A and D. > > By having KDC, we need as much secret key as necessary for PKI with CAs, > > though KDC as the trusted third party is as bogus as CAs. > > > > However, it is fine to have KDC as the trusted first or second party. > > No, it is not sufficient. The problem is that you cannot have a > long-term store-and-forward mechanism with secret-key technology. I'm saying we shouldn't use long-term store-and-forward mechanism, because it is not really secure. > Moreover, > in electronic transactions the customer may want to have a GOOD IDEA > that they are talking to the "right" merchant (or at least the _same_ > merchant that they were talking to yesterday). The only way to do > this in a scalable way is Certificates. That is a delusion. > As much as I would love to seee Kerberos take over the world, it is > not going to do so. Moreover, with data like DNS, you cannot use > Kerberos because of the caching problem (see my previous statement > about store-and-forward data not working with secret key). Kerberos with KDCs as the trusted third parties is as bad as PKI. > > Weak protection by HTTPS does not essentially add anything. > > It adds confidentiality of your payment token, and it provides > a binding between the payment token and the paid-for object. If you make a transaction confidential to the banks, banks can not assist you to make it secure. Masataka Ohta