To:
Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
Cc:
Edward Lewis <edlewis@arin.net>, Markus Stumpf <maex-lists-dns-ietf-dnsop@Space.Net>, dnsop@cafax.se
From:
Brad Knowles <brad.knowles@skynet.be>
Date:
Tue, 15 Oct 2002 23:34:02 +0200
In-Reply-To:
<200210151505.AAA07561@necom830.hpcl.titech.ac.jp>
Reply-By:
Wed, 1 Jan 1984 12:34:56 +0100
Sender:
owner-dnsop@cafax.se
Subject:
Re: Interim signing of the root zone.
At 12:04 AM +0859 2002/10/16, Masataka Ohta wrote: > That's why shared key cryptography, which limits the impact of > compromized security to the small set, members of which are directly > involved in the action, is the way to go. Regardless of the encryption method, you still need a key infrastructure. Shared-key is proven to be "secure" as an inverse power of the number of people who have the key. This simply is not practical on a large-scale public network. Like it or not, public-key is the only choice we have. > On the other hand, the impact of compromized CAs or compromized > employees of CAs is unlimited. Yup. The US Gov't has this problem, too. They have devices called "STUs", which stands for Secure Telephone Unit (last I saw, they were up to STU-III). The STUs can be manufactured in many facilities around the world (including Norway), but once an encryption key has been applied to them, they become export restricted and cannot be returned for repairs to most of the facilities where they were manufactured. These keys are coordinated through a Key Distribution Center. The Russians (and others) have shown extreme interest in compromising the KDC, and they have been known to be successful on at least one occasion in the past. One good compromise of the KDC (or any other kind of CA), and you can have access to hundreds, thousands, millions, or possibly even billions of keys. With these kinds of stakes, people are literally willing to risk their lives, because the consequence of getting caught is to be prosecuted for High Treason. A sufficiently motivated attacker can break any security anywhere. CRLs and PKI are hard. I would like to see you wave a magic wand and come up with a real solution for the problem. I don't see "web of trust" doing us much good here. -- Brad Knowles, <brad.knowles@skynet.be> "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin, Historical Review of Pennsylvania. GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E W+++(--) N+ !w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++) tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++) #---------------------------------------------------------------------- # To unsubscripbe, send a message to <dnsop-request@cafax.se>.