To: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
Cc: Edward Lewis <edlewis@arin.net>, Markus Stumpf <maex-lists-dns-ietf-dnsop@Space.Net>, dnsop@cafax.se
From: Brad Knowles <brad.knowles@skynet.be>
Date: Tue, 15 Oct 2002 23:34:02 +0200
In-Reply-To: <200210151505.AAA07561@necom830.hpcl.titech.ac.jp>
Reply-By: Wed, 1 Jan 1984 12:34:56 +0100
Sender: owner-dnsop@cafax.se
Subject: Re: Interim signing of the root zone.

At 12:04 AM +0859 2002/10/16, Masataka Ohta wrote:

> That's why shared key cryptography, which limits the impact of
> compromised security to the small set, members of which are directly
> involved in the action, is the way to go.

Regardless of the encryption method, you still need a key
infrastructure. Shared-key is proven to be "secure" as an inverse
power of the number of people who have the key. This simply is not
practical on a large-scale public network. Like it or not,
public-key is the only choice we have.

> On the other hand, the impact of compromised CAs or compromised
> employees of CAs is unlimited.

Yup.
The US Gov't has this problem, too. They have devices called
"STUs", which stands for Secure Telephone Unit (last I saw, they were
up to STU-III). The STUs can be manufactured in many facilities
around the world (including Norway), but once an encryption key has
been applied to them, they become export restricted and cannot be
returned for repairs to most of the facilities where they were
manufactured.
These keys are coordinated through a Key Distribution Center.
The Russians (and others) have shown extreme interest in compromising
the KDC, and they have been known to be successful on at least one
occasion in the past. One good compromise of the KDC (or any other
kind of CA), and you can have access to hundreds, thousands,
millions, or possibly even billions of keys. With these kinds of
stakes, people are literally willing to risk their lives, because the
consequence of getting caught is to be prosecuted for High Treason.
A sufficiently motivated attacker can break any security anywhere.
CRLs and PKI are hard. I would like to see you wave a magic wand
and come up with a real solution for the problem. I don't see "web
of trust" doing us much good here.
--
Brad Knowles, <brad.knowles@skynet.be>
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-Benjamin Franklin, Historical Review of Pennsylvania.
GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E W+++(--) N+ !w---
O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)